Abstract

We face the problems of correctness, optimality and precision for the static analysis of logic programs, using the theory of abstract interpretation. We propose a framework with a denotational, goal-dependent semantics equipped with two unification operators for forward unification (calling a procedure) and backward unification (returning from a procedure). The latter is implemented through a matching operation. Our proposal clarifies and unifies many different frameworks and ideas on static analysis of logic programming in a single, formal setting. On the abstract side, we focus on the domain Sharing by Jacobs and Langen and provide the best correct approximation of all the primitive semantic operators, namely, projection, renaming, forward and backward unification. We show that the abstract unification operators are strictly more precise than those in the literature defined over the same abstract domain. In some cases, our operators are more precise than those developed for more complex domains involving linearity and freeness.

KEYWORDS: Abstract interpretation, logic programming, existentially quantified substitutions, unification, matching, sharing.


1 Introduction 

Abstract interpretation (Cousot and Cousot 1992) is a general theory for static analysis of programs. The basic idea of abstract interpretation is to use the formal semantics of languages to analyze and verify program properties. An abstract interpretation is specified by:

• a concrete domain and a concrete semantics, inductively defined on the syntax of programs from a set of primitive concrete operators;

• an abstract domain, whose elements describe the program properties we want to observe;

• the primitive abstract operators on the abstract domain, which mimic the behavior of the corresponding concrete operators. The abstract semantics is defined from the concrete one by replacing each concrete operator with its abstract counterpart.
Abstract interpretation has been widely used to design static analyses of logic programs. In the literature, we find many proposals for the concrete domain, the concrete semantics, the abstract domain and the abstract operators. For instance, Hans and Winkler (1992) focus on the abstract domains, Howe and King (2003) on the abstract operators, King and Longley (1995) on improving existing analyses using a more refined concrete semantics, while Cortesi et al. (1996) propose a complete framework, a combination of particular concrete semantics and abstract domains. In many cases, the correctness of the analysis is taken for granted, since the concrete semantics is not completely specified. However, when applying several of these improvements to a single analysis framework, the improved analysis may significantly differ from the original proposal, and a new proof of correctness is needed for the overall analysis. This is especially true for logic programming, whose basic computational mechanism, unification, is intrinsically more complex than assignment or matching, used in other programming paradigms.

The aim of this article is mainly to clarify and unify several different proposals for the goal-dependent analysis of logic programs. Inspired by the work of Cortesi et al. (1996), we propose a new denotational framework which combines and improves many different ideas that appeared in the literature. Later, we focus on the abstract domain Sharing by Jacobs and Langen (1992), and we develop an analysis which is strictly more precise than the others in the literature. We formally prove correctness of the overall analysis and optimality of all the involved abstract operators.

When designing a new analysis, one needs to choose a concrete domain and semantics, an abstract domain and abstract operators. Although these choices are related, in the following we will introduce them separately, showing available alternatives, possible improvements and the contributions of this paper.


Concrete domain 

Typically, concrete semantics of logic programs are defined over substitutions. However, substitutions are often too informative. For example, consider the one-clause program p(x, x) and the goal p(x, y). All of {x/y}, {y/x}, {x/u, y/u}, {x/v, y/v} are computed answers, corresponding to different choices of most general unifiers and renamed clauses. Often, especially in the case of static analysis, we are not interested in making any distinction among them. Thus, it would be more natural to adopt a domain of equivalence classes of substitutions. Many frameworks for abstract interpretation of logic programs (Jacobs and Langen 1992; Marriott et al. 1994; Levi and Spoto 2003) have adopted similar solutions for avoiding redundancy and causality when choosing computed answers.

Nevertheless, the standard semantics of logic programs, namely SLD resolution, is based on substitutions and unification. Thus, any framework for logic programming should relate, in some way, to standard substitutions, in order to prove that the semantics reflects the underlying operational behavior. However, none of the above frameworks formally states the correspondence between the proposed concrete domain and standard substitutions. Although this correspondence is clear from an intuitive point of view, we think that substitutions are tricky objects, where intuition often fails.


Our contribution. We propose a new concrete domain of classes of substitutions, called existential substitutions, equipped with a set of primitive operators for projection, renaming and unification. We formally state the correspondence between substitutions and existential substitutions, and in particular between the corresponding unification operators. Moreover, we show the relationship between our proposal and the domain ESubst by Jacobs and Langen (1992).


Concrete semantics 


We are interested in goal-driven analysis of logic programs. Therefore we need a goal-dependent semantics which is well suited for static analysis, i.e., a collecting semantics over computed answer substitutions. Unfortunately, using a collecting goal-dependent semantics may lead to a loss of precision already at the concrete level, as shown by Marriott et al. (1994). Basically, in any goal-dependent semantics, the unification operator is used twice:

• For performing parameter passing by unifying the given goal and the call substitution with the head of the chosen clause. The result is a new goal and an entry substitution. This operation is called forward unification.

• For propagating back to the initial goal the exit substitution (that is, the result of the sub-computation), so obtaining the answer substitution for the initial goal. This operation is called backward unification¹.

For instance, given the initial goal p(x) and the call substitution {x/f(y)}, we unify with the head of the clause p(z) ← q(z) by computing the most general unifier {x/f(y), z/f(y)}, which, projected on the variables of the clause, is simply {z/f(y)}. Projection is needed in order to avoid an unbounded growth of the set of variables in the entry substitution. This is acceptable at the concrete level, but not at the abstract level, where it may lead to a non-terminating analysis. The new goal and entry substitution become q(z) and {z/f(y)}. Once we have obtained an exit substitution for the goal q(z), for instance {z/f(a)}, we have to relate this result to the original goal p(x). Thus we need a so-called backward unification, which allows us to conclude that {x/f(a)} is an answer for p(x) with call substitution {x/f(y)}.

¹ We follow Cortesi et al. (1996) and call these operators forward and backward unification. Bruynooghe (1991) and Hans and Winkler (1992) use procedure entry and procedure exit. Muthukumar and Hermenegildo (1992) use call_to_entry and exit_to_success.

The backward unification operator introduces a loss of precision, due to the fact that we deal with a set of call substitutions, from which we possibly obtain a set of exit substitutions. Now, when we go backward to obtain the answer substitutions, we may unify a call substitution with an exit substitution which does not pertain to the same computational path (Marriott et al. 1994).

It is possible to reduce the impact of this problem by using two different operators for forward and backward unification (Bruynooghe 1991; Le Charlier et al. 1991). In this way, backward unification can be realized using the operation of matching between substitutions.

Our contribution. We propose a denotational goal-dependent semantics equipped with two different forward and backward unification operators. Backward unification uses matching, exploiting the property that the exit substitution is more instantiated than the call substitution. We prove that the concrete semantics is correct and show that the new semantics is strictly more precise than semantics which do not use matching.


Abstract domain 


One of the most interesting (and studied) properties of logic programs is sharing. The goal of (set) sharing analysis is to detect sets of variables which share a common variable. For instance, in the substitution {x/f(z, a), y/g(z)} the variables x and y share the common variable z. Typical applications of sharing analysis are in the optimization of unification (Søndergaard 1986) and the parallelization of logic programs (Hermenegildo and Rossi 1995).

The basic domain for set sharing analysis is Sharing, introduced in (Langen 1990; Jacobs and Langen 1992). It is widely recognized that Sharing is not very precise, so that it is often combined with other domains for freeness, linearity, groundness or structural information (see Bagnara et al. (2005) for a comparative evaluation).


Since this paper does not address the problem of finding the best possible domain for set-sharing analysis, we will focus on the domain Sharing.


Abstract operators 

Once the concrete semantics and the abstract domain have been fixed, the next step is to find suitable abstract operators which mimic the behavior of the concrete ones. The theory of abstract interpretation ensures the existence of the optimal (best correct) abstract operator for each concrete operator. Although the optimal abstract operator enjoys a constructive characterization, this is not amenable to a direct implementation. Therefore, finding an algorithm to compute optimal abstract operators is one of the main difficulties in any abstract interpretation project.

We think that there are several reasons to look for the optimal operator, instead of just using a correct one. In fact, one may argue that a well-designed correct operator may be much faster than the optimal one, and does not lose much precision in real programs. Although we agree with this point, we think that knowing the optimal abstract operator, even if we do not plan to implement it, is useful to understand the potential and limits of the abstract domain in use, and to guide the search for a more precise (or more efficient) domain. Moreover, at least in the case of sharing analysis, the more precise the abstract operators are, the smaller are the abstract objects computed during the analysis. Therefore, it may be worth spending more time in computing the abstract operators, in order to keep the abstract objects simpler (and the analysis more precise).

The primitive concrete operators used in the semantics of logic programs are renaming, projection, unification and matching. Renaming and projection are not problematic at all: it is generally immediate to find their optimal abstract counterparts, which most of the time are also complete, i.e., they do not lose precision w.r.t. the corresponding concrete operators (Cousot and Cousot 1979; Giacobazzi et al. 2000).


Things are different for unification, which is a very complex operator. In fact, despite several works in this field, the best correct abstraction of unification for the domain SFL (King and Longley 1995), which combines sharing, freeness and linearity, is still unknown. For the domain Sharing, Cortesi and Filé (1999) have shown that the abstract unification defined in Jacobs and Langen (1992) is optimal. However, this result has been obtained for a concrete semantics which uses the same unification operator to compute both forward and backward unification.


We have already said that a specialized backward unification operator may improve precision at the concrete level. In turn, the improvement in precision is reflected at the abstract level, if the abstract backward unification operator is designed to mimic matching instead of standard unification. This idea is implemented in real abstract interpreters such as GAIA (Le Charlier et al. 1991) and PLAI (Muthukumar and Hermenegildo 1992). However, none of the papers which are based on a specialized backward unification operator with matching (Bruynooghe 1991; Le Charlier and Van Hentenryck 1994; Hans and Winkler 1992; Muthukumar and Hermenegildo 1992; King and Longley 1995) has ever proved optimality of the proposed abstract operators. As we will show later, those abstract operators which involve set-sharing information (Hans and Winkler 1992; Muthukumar and Hermenegildo 1992; King and Longley 1995) are not optimal.


In addition, the abstract forward unification operator can be specialized in order 
to exploit the peculiarity of this process: the variables which occur in the clause 
head are always renamed apart w.r.t. the goal and the calling substitutions, hence 
they are free and independent. However, this idea has never been applied before 
in the general case, but only for abstract domains which explicitly contain freeness 
and linearity information. 
Our contribution. We provide abstract operators for renaming, projection, forward unification and backward unification. We prove that all our operators are optimal and that renaming and projection are also complete. We show that abstract forward unification is able to exploit freeness and linearity information. The new backward and forward unification operators strictly improve over previous proposals for the domain Sharing.

Although freeness and linearity information are exploited by the forward abstract unification operator, this information is not encoded in the abstract domain, but is just used in the internal steps of the abstract unification algorithm. This means that the algorithm cannot be immediately extended to work with more complex domains, such as SFL (King and Longley 1995), retaining optimality. Nonetheless, the abstract unification is able to exploit freeness and linearity better than other algorithms and could be used to improve the unification operation in more complex domains.


Plan of the paper 


The next section recalls some basic definitions and the notations about abstract interpretation and substitutions. In Section 3 we define the domain of existentially quantified substitutions and its operators. In Sections 4 and 5 we define the concrete and abstract semantics. Finally, in Sections 6 and 7 we give the algorithms for computing the forward and backward abstract unification and show their correctness and optimality. In Section 8 we compare our framework with related work.

The article is a substantial expansion of (Amato and Scozzari 2002), which introduces preliminary results using standard substitutions. A partial presentation of existential substitutions appeared in Amato and Scozzari (2003).


2 Notations 

Given a set $A$, let $\wp(A)$ be the powerset of $A$ and $\wp_f(A)$ be the set of finite subsets of $A$. Given two posets $(A, \le_A)$ and $(B, \le_B)$, we denote by $A \to B$ ($A \longrightarrow B$) the space of monotonic (continuous) functions from $A$ to $B$ ordered pointwise. When an order for $A$ or $B$ is not specified, we assume the least informative order ($x \le y \iff x = y$). We also use $A \uplus B$ to denote disjoint union and $|A|$ for the cardinality of the set $A$.

Given complete lattices $A$, $C$, a Galois connection (Cousot and Cousot 1979) $(\alpha, \gamma) : C \rightleftarrows A$ is given by a pair of maps $\alpha : C \to A$, $\gamma : A \to C$ such that $\alpha(c) \le_A a \iff c \le_C \gamma(a)$. A Galois connection is a Galois insertion when $\alpha$ is onto (or, equivalently, $\gamma$ is injective). We say that an abstract operator $f^\alpha : A \to A$ is correct w.r.t. a concrete operator $f : C \to C$ when $\forall c \in C.\ (\alpha \circ f)(c) \le_A (f^\alpha \circ \alpha)(c)$, which is equivalent to $\forall a \in A.\ (f \circ \gamma)(a) \le_C (\gamma \circ f^\alpha)(a)$ and to $\forall a \in A.\ (\alpha \circ f \circ \gamma)(a) \le_A f^\alpha(a)$. The abstract operator is optimal when $f^\alpha = \alpha \circ f \circ \gamma$. In this case $f^\alpha$ is called the best correct approximation of $f$. When $\alpha \circ f = f^\alpha \circ \alpha$ then $f^\alpha$ is said to be complete, while if $f \circ \gamma = \gamma \circ f^\alpha$ then $f^\alpha$ is $\gamma$-complete.

In the following, we fix a first order signature $(\Sigma, \Pi)$ and an infinite set of variables $\mathcal{V}$. We assume that there are a constant symbol and a function symbol of arity at least two². We use Terms and Atoms to denote the sets of terms and atomic formulas (atoms) respectively. Moreover, we call body or goal a finite sequence of atomic formulas, clause an object $H \leftarrow B$ where $H$ is an atom and $B$ is a body, program a set of clauses. We use $\square$ for the empty body and we write $H$ as a short form for $H \leftarrow \square$. We denote with Bodies, Clauses and Progs the set of bodies, clauses and programs respectively. Given a term $t$, we denote by $\mathrm{vars}(t)$ the set of variables occurring in $t$ and by $\mathrm{uvars}(t)$ the subset of $\mathrm{vars}(t)$ whose elements appear once in $t$ (e.g., $\mathrm{uvars}(f(x, y) = f(y, z)) = \{x, z\}$). We apply vars and uvars to any syntactic object, with the obvious meaning. We abuse the notation and write a syntactic object $o$ instead of the set of variables $\mathrm{vars}(o)$, when it is clear from the context (e.g., if $t$ is a term and $x \in \mathcal{V}$, then $x \in t$ should be read as $x \in \mathrm{vars}(t)$).

We denote with $\epsilon$ the empty substitution and by $\{x_1/t_1, \ldots, x_n/t_n\}$ a substitution $\theta$ with $\theta(x_i) = t_i \ne x_i$. Let $\mathrm{dom}(\theta)$ be the set $\{x_1, \ldots, x_n\}$ and $\mathrm{rng}(\theta)$ be the set $\mathrm{vars}(\{t_1, \ldots, t_n\})$. Thus we have that $\mathrm{vars}(\theta) = \mathrm{dom}(\theta) \cup \mathrm{rng}(\theta)$. Given $U \in \wp_f(\mathcal{V})$, let $\theta|_U$ be the projection of $\theta$ on $U$, i.e., the unique substitution such that $\theta|_U(x) = \theta(x)$ if $x \in U$ and $\theta|_U(x) = x$ otherwise. We also write $\theta|_{-U}$ to denote the restriction of $\theta$ over all variables but those in $U$, i.e., $\theta|_{-U} = \theta|_{\mathrm{dom}(\theta) \setminus U}$. Given $\theta_1$ and $\theta_2$ two substitutions with disjoint domains, we denote by $\theta_1 \uplus \theta_2$ the substitution $\theta$ such that $\mathrm{dom}(\theta) = \mathrm{dom}(\theta_1) \cup \mathrm{dom}(\theta_2)$ and $\theta(x) = \theta_i(x)$ if $x \in \mathrm{dom}(\theta_i)$, for each $i \in \{1, 2\}$. The application of a substitution $\theta$ to a term $t$ is written as $t\theta$ or $\theta(t)$. Given two substitutions $\theta$ and $\delta$, their composition, denoted by $\theta \circ \delta$, is given by $(\theta \circ \delta)(x) = \theta(\delta(x))$. A substitution $\rho$ is called a renaming if it is a bijection from $\mathcal{V}$ to $\mathcal{V}$ (this is equivalent to saying that there exists a substitution $\rho^{-1}$ such that $\rho \circ \rho^{-1} = \rho^{-1} \circ \rho = \epsilon$). A substitution $\theta$ is idempotent when $\mathrm{dom}(\theta) \cap \mathrm{rng}(\theta) = \emptyset$. Instantiation induces a preorder on substitutions: $\theta$ is more general than $\delta$, denoted by $\delta \le \theta$, if there exists $\sigma$ such that $\sigma \circ \theta = \delta$. If $\approx$ is the equivalence relation induced by $\le$, we say that $\sigma$ and $\theta$ are equal up to renaming when $\sigma \approx \theta$. The sets of substitutions, idempotent substitutions and renamings are denoted by Subst, ISubst and Ren respectively.

Given a set of equations $E$, we write $\sigma = \mathrm{mgu}(E)$ to denote that $\sigma$ is a most general unifier of $E$ such that $\mathrm{vars}(\sigma) \subseteq \mathrm{vars}(E)$. Since $\sigma$ is defined up to renamings, we use this notation only in cases where the choice of the actual unifier does not matter. Any idempotent substitution $\sigma$ is a most general unifier of the corresponding set of equations $\mathrm{Eq}(\sigma) = \{x = \sigma(x) \mid x \in \mathrm{dom}(\sigma)\}$. In the following, we will abuse the notation and denote by $\mathrm{mgu}(\sigma_1, \ldots, \sigma_n)$, when it exists, the substitution $\mathrm{mgu}(\mathrm{Eq}(\sigma_1) \cup \ldots \cup \mathrm{Eq}(\sigma_n))$.

In the rest of the paper, we use: $U$, $V$, $W$ to denote finite sets of variables; $h, k, u, v, w, x, y, z$ for variables; $c, s, t$ for term symbols or terms; $a, b$ for constants; $cl$ for clauses; $\eta, \theta, \sigma, \delta$ for substitutions; $\rho$ for renamings. All these symbols can be subscripted or superscripted.


² Otherwise every term has at most one variable and the structure of terms is trivial. We need this assumption in Section 8.1 and in the proofs of optimality of unification and matching.
3 Domains of Existentially Quantified Substitutions

The first question when analyzing the behavior of logic programs is what kind of observable we are interested in. Undoubtedly, computed answers have played a prominent role, since they are the result of the process of SLD-resolution. Moreover, they have several nice properties: and-compositionality, condensing and a bottom-up $T_P$-like characterization (van Emden and Kowalski 1976; Bossi et al. 1994). Standard semantics for logic programs, e.g., the s-semantics in (Bossi et al. 1994), are defined over equivalence classes of atoms modulo renaming. For example, consider the one-clause program p(x, x) and the goal p(x, y). All of p(x, x), p(y, y), p(u, u) and p(v, v) are computed instances, corresponding to different choices of most general unifiers and renamed clauses, but we are not interested in making any distinction among them.

However, when we consider a denotational semantics suitable for program analysis, computed answer substitutions are much more useful than computed instances, since most of the domains are expressed as abstractions of sets of substitutions. As before, we are not really interested in the substitutions, but in their quotient set w.r.t. a suitable equivalence relation. But in this case we cannot take renaming as the relevant equivalence relation. Let us consider the substitutions corresponding to the computed instances in the previous example: we obtain $\theta_1 = \{y/x\}$, $\theta_2 = \{x/y\}$, $\theta_3 = \{x/u, y/u\}$ and $\theta_4 = \{x/v, y/v\}$. Although $\theta_1$ and $\theta_2$ are equal up to renaming, the same does not hold for $\theta_3$ and $\theta_4$. Nonetheless, they essentially represent the same answer, since $u$ and $v$ are just two different variables we chose when renaming apart the clause p(x, x) from the goal p(x, y), and therefore are not relevant. On the other side, if $\theta_3$ and $\theta_4$ were computed answers for the goal q(x, y, u), they would correspond to the computed instances q(u, u, u) and q(v, v, u) and therefore would be definitively different. As a consequence, the equivalence relation we need to consider must be coarser than renaming, and must take into account the set of variables of interest, i.e., the set of variables which appear in the goal.

A semantics which takes into account classes of substitutions may follow three possible directions:

1. it may compute only a subset of the computed answer substitutions, provided that the result contains at least one substitution for each equivalence class, e.g., (Cortesi et al. 1996);

2. it may compute all the computed answer substitutions, e.g., (Le Charlier et al. 1991);

3. it may be defined using a quotient domain of substitutions, e.g., (Marriott et al. 1994).

The problem with the first two solutions is that they work by directly manipulating substitutions. It is common knowledge that this is quite tedious and error prone (Shepherdson 1994). This happens because substitutions are too much related to syntax, so that the intuition of what should happen is often betrayed by the reality, when we need to handle problems such as variable clashes and renamings. Actually, at least one framework of the first kind, namely the widely used one in (Cortesi and Filé 1999), has a small flaw due to an unsound treatment of variable clashes (this will be discussed in detail in Section 8).

Moreover, the first approach is generally pursued by choosing a particular most general unifier and a fixed way of renaming apart terms and substitutions. The semantics is then parametric with respect to these choices. As stated by Jacobs and Langen (1992), this makes it difficult to compare different semantics, since each of them may use different conventions for mgu and renaming. We would like to add that this also makes it difficult to state properties of a given semantics (such as compositionality properties), since they only hold up to suitable equivalence relations.

For these reasons, we think that the best solution is to move towards a domain of equivalence classes of substitutions. This does not mean we can avoid working with substitutions altogether, but all the difficulties which arise, such as renaming apart and variable clashes, may be dealt with once and for all at the domain level, reducing the opportunities for subtle mistakes to appear.


3.1 Yet another Domain of Existentially Quantified Substitutions 

In the literature there are several domains of equivalence classes of substitutions: ESubst (Jacobs and Langen 1992), ex-equations (Marriott et al. 1994) and existential Herbrand constraints (Levi and Spoto 2003). For all of them, the basic idea is that some variables, in a substitution or equation, are existentially quantified, so that their names become irrelevant. However, all these proposals depart from the standard notion of substitution. As a result, the relationship between what they compute and the standard set of computed answers for a goal has never been proved. We would like to reconcile these approaches with the standard concept of substitution: in particular, we want to prove that these domains are quotient sets of substitutions, w.r.t. suitable equivalence relations.

We begin by introducing a new equivalence relation $\sim$ over substitutions, which captures the extended notion of renaming which is needed to work with computed answers. Inspired by the seminal paper of Palamidessi (1990), we introduce a new domain $\mathit{Subst}_\sim$ of classes of substitutions modulo $\sim$, which will be used in the rest of the paper³.

Given $\theta_1, \theta_2 \in \mathit{Subst}$ and $U \in \wp_f(\mathcal{V})$, we define the preorder:

$$\theta_1 \preceq_U \theta_2 \iff \exists \delta \in \mathit{Subst}.\ \forall u \in U.\ \theta_1(u) = \delta(\theta_2(u)) \qquad (1)$$

Intuitively, if $\theta_1 \preceq_U \theta_2$, then $\theta_1$ is an instance of $\theta_2$, provided we are only interested in the variables in $U$.

Example 3.1

It is easy to check that $\{x/a, y/u\} \preceq_{\{x,y\}} \{y/v\}$ since we may choose $\delta = \{x/a, v/u\}$ in (1). Note that the same does not happen if we consider the standard ordering on substitutions, i.e., $\{x/a, y/u\} \not\le \{y/v\}$. Moreover, if we enlarge the set $U$ of variables of interest, we obtain $\{x/a, y/u\} \not\preceq_{\{x,y,v\}} \{y/v\}$. □

³ In Section 8.1 we will prove that $\mathit{Subst}_\sim$ and the domain ESubst (Jacobs and Langen 1992) are isomorphic.

Note that, in Equation (1), it is important that $\delta$ is a generic substitution. If we restrict $\delta$ to be idempotent, some equivalences do not hold anymore. For example, $\{x/t(u), y/t(v)\} \preceq_{\{x,y\}} \{x/v, y/u\}$ and this is what we intuitively want, since the names of the variables $u$ and $v$ are not relevant. However, to prove this relation, we choose $\delta = \{u/t(v), v/t(u)\}$ in (1), and it is not an idempotent substitution.

Proposition 3.2

$\preceq_U$ is a preorder for any $U \in \wp_f(\mathcal{V})$.

Proof

Let $U \in \wp_f(\mathcal{V})$. By definition, $\theta \preceq_U \theta \iff \exists \delta \in \mathit{Subst}.\ \forall v \in U.\ \theta(v) = \delta(\theta(v))$, which is a tautology by choosing as $\delta$ the empty substitution. Now assume $\theta_1 \preceq_U \theta_2$ and $\theta_2 \preceq_U \theta_3$. Therefore, there exist $\delta_1$ and $\delta_2$ such that, $\forall v \in U$, $\theta_1(v) = \delta_1(\theta_2(v))$ and $\theta_2(v) = \delta_2(\theta_3(v))$. Therefore, $\forall v \in U$, it holds that $\theta_1(v) = \delta_1(\theta_2(v)) = \delta_1(\delta_2(\theta_3(v)))$. Therefore, by choosing as $\delta$ the composition $\delta_1 \circ \delta_2$, we have that $\theta_1 \preceq_U \theta_3$. □

The next step is to define the relation:

$$\theta_1 \sim_U \theta_2 \iff \exists \rho \in \mathit{Ren}.\ \forall v \in U.\ \theta_1(v) = \rho(\theta_2(v)) , \qquad (2)$$

which will be proved to be the equivalence relation induced by the preorder $\preceq_U$.

Example 3.3

It is easy to check that $\{x/v, y/u\} \sim_{\{x,y\}} \epsilon$ by choosing $\rho = \{x/v, v/x, y/u, u/y\}$. Note that $\sim_U$ is coarser than the standard equivalence relation $\approx$: there is no renaming $\rho$ such that $\epsilon = \rho \circ \{x/v, y/u\}$. As it happens for $\preceq_U$, if we enlarge the set of variables of interest, not all equivalences between substitutions are preserved: for instance, $\{x/v, y/u\} \not\sim_{\{x,y,v\}} \epsilon$. □

Lemma 3.4

Let $\theta : V \to \mathcal{V}$ be an injective map of variables. Then there exists $\rho \in \mathit{Ren}$ such that $\rho(x) = \theta(x)$ for each $x \in V$ and $\mathrm{vars}(\rho) = V \cup \theta(V)$.

Proof

Since $\theta$ is injective, $|V| = |\theta(V)|$, from which it follows that $|V \setminus \theta(V)| = |\theta(V) \setminus V|$. Let $f$ be any bijective map from $\theta(V) \setminus V$ to $V \setminus \theta(V)$, and let us define a substitution $\rho$ as follows:

$$\rho(v) = \begin{cases} \theta(v) & \text{if } v \in V \\ f(v) & \text{if } v \in \theta(V) \setminus V \\ v & \text{otherwise.} \end{cases}$$

Note that, if $x \in V$, $\rho(x) = \theta(x)$ by definition. Moreover, it is easy to check that $\rho$ is bijective, therefore it is a renaming. Finally, $\mathrm{vars}(\rho) = \mathrm{dom}(\rho) = V \cup (\theta(V) \setminus V) = V \cup \theta(V)$. □
Proposition 3.5

The relation $\sim_U$ is the equivalence relation induced by $\preceq_U$.

Proof

If $\theta_1 \sim_U \theta_2$ there exists $\rho \in \mathit{Ren}$ such that $\forall v \in U.\ \theta_1(v) = \rho(\theta_2(v))$. By definition of $\preceq_U$, we have that $\theta_1 \preceq_U \theta_2$ by choosing as $\delta$ in (1) the renaming $\rho$. Symmetrically, by choosing as $\delta$ the renaming $\rho^{-1}$ (the inverse of $\rho$), it follows that $\theta_2 \preceq_U \theta_1$.

Now assume that $\theta_1 \preceq_U \theta_2$ and $\theta_2 \preceq_U \theta_1$. Therefore there exist $\delta, \delta' \in \mathit{Subst}$ such that $\theta_2(x) = \delta'(\theta_1(x))$ and $\theta_1(x) = \delta(\theta_2(x))$, thus $\theta_2(x) = \delta'(\delta(\theta_2(x)))$ for each $x \in U$. In general, $\delta$ and $\delta'$ might not be renamings. Our goal is to build a renaming $\rho$, obtained by modifying $\delta$, such that $\theta_1(x) = \rho(\theta_2(x))$, for each $x \in U$. Let $V = \mathrm{vars}(\theta_2(U))$. Since each $v \in V$ belongs to $\mathrm{vars}(\theta_2(x))$ for some $x \in U$, it follows that $(\delta' \circ \delta)(v) = v$ for all $v \in V$. Therefore, $\delta|_V$ may be viewed as an injective map from $V$ to $\mathcal{V}$. By Lemma 3.4 there exists $\rho \in \mathit{Ren}$ such that $\rho|_V = \delta|_V$. Therefore, for each $x \in U$, $\rho(\theta_2(x)) = \delta(\theta_2(x)) = \theta_1(x)$, hence $\theta_1 \sim_U \theta_2$. □

It is worth noting that $\preceq_U$ is coarser than $\le$ and that $\sim_U$ is coarser than renaming, as shown by the following proposition.

Proposition 3.6

Given $\theta \in \mathit{Subst}$, $\rho \in \mathit{Ren}$ and $\delta \in \mathit{Subst}$, then $\rho \circ \theta \sim_U \theta$ and $\delta \circ \theta \preceq_U \theta$ for each $U \in \wp_f(\mathcal{V})$.

Proof

Simply choose $\rho$ and $\delta$ as the relevant substitutions in (2) and (1). □

Now, let $\mathit{ISubst}_{\sim U}$ be the quotient set of $\mathit{ISubst}$ w.r.t. $\sim_U$. We define a new domain $\mathit{ISubst}_\sim$ of existential substitutions as the disjoint union of all the $\mathit{ISubst}_{\sim U}$ for $U \in \wp_f(\mathcal{V})$, in formulas:

$$\mathit{ISubst}_\sim = \biguplus_{U \in \wp_f(\mathcal{V})} \mathit{ISubst}_{\sim U} . \qquad (3)$$

In the following we write $[\theta]_U$ for the equivalence class of $\theta$ w.r.t. $\sim_U$. We call canonical representatives of the equivalence class $[\theta]_U \in \mathit{ISubst}_\sim$ the substitutions $\theta' \in \mathit{ISubst}$ such that $\theta' \sim_U \theta$ and $\mathrm{dom}(\theta') = U$. It is immediate to see that every existential substitution has a canonical representative, although it is not unique. For example, two canonical representatives of $[\{y/f(x)\}]_{\{x,y,z\}}$ are $\{y/f(h), x/h, z/k\}$ and $\{y/f(u), x/u, z/v\}$. Working with canonical representatives is of great help, especially in the proofs, since we are sure they have no variables of interest in the range.

By definition of $\preceq_U$, when $\theta \preceq_U \theta'$ then, for all $W \subseteq U$, it holds that $\theta \preceq_W \theta'$. This allows us to define a partial order $\le$ over $\mathit{ISubst}_\sim$, given by:

$$[\theta]_U \le [\theta']_V \iff U \supseteq V \wedge \theta \preceq_V \theta' . \qquad (4)$$

Intuitively, $[\theta]_U \le [\theta']_V$ means that $\theta$ is an instance of $\theta'$ w.r.t. the variables in $V$, provided that they are all variables of interest of $\theta$. It is easy to show that $\le$ is well-defined in $\mathit{ISubst}_\sim$, that is, it does not depend on the choice of the representatives.
Note that, although we use equivalence classes of idempotent substitutions, we could build an isomorphic domain by working with equivalence classes of the set of all substitutions. In other words, if we define $\mathit{Subst}_\sim = \biguplus_{U \in \wp_f(\mathcal{V})} \mathit{Subst}_{\sim U}$, we obtain the following:

Proposition 3.7

The posets $(\mathit{Subst}_\sim, \le)$ and $(\mathit{ISubst}_\sim, \le)$ are isomorphic.

Proof

It is enough to prove that, for each $U \in \wp_f(\mathcal{V})$ and $\theta \in \mathit{Subst}$, there exists $\theta' \in \mathit{ISubst}$ such that $\theta \sim_U \theta'$. Let $V = \mathrm{rng}(\theta) \cap \mathrm{dom}(\theta)$ and $W \subseteq \mathcal{V}$ such that $W \cap (U \cup \mathrm{vars}(\theta)) = \emptyset$ and $|V| = |W|$. Moreover, we take a renaming $\rho$ such that $\mathrm{vars}(\rho) = V \cup W$ and $\rho(V) = W$. Then, we may define a substitution $\theta'$ such that

$$\theta' = (\rho \circ \theta)|_U .$$

Note that $\mathrm{dom}(\theta') = (\mathrm{dom}(\theta) \cup W) \cap U \subseteq \mathrm{dom}(\theta)$ and $\mathrm{rng}(\theta') \subseteq (\mathrm{rng}(\theta) \setminus V) \cup W$. Therefore, $\mathrm{dom}(\theta') \cap \mathrm{rng}(\theta') = \emptyset$, i.e., $\theta' \in \mathit{ISubst}$. Moreover, by definition, $\theta' \sim_U \theta$. □

The isomorphism between $\mathit{Subst}_\sim$ and $\mathit{ISubst}_\sim$ holds since a variable in $\mathrm{rng}(\theta)$ is considered not of interest if it also occurs in $\mathrm{dom}(\theta)$. Therefore $\{x/y, y/x\} \sim_{\{x,y\}} \{x/u, y/v\}$, since $y$ and $x$ in the range of $\{x/y, y/x\}$ are just names for existentially quantified variables. Obviously $\{x/y\} \not\sim_{\{x,y\}} \{x/u\}$ since here $y$ only appears in the range and is therefore considered as a variable of interest.

3.2 Operations on the new Domain

It is now time to define some useful operations over $\mathit{ISubst}_\sim$, which will be used as building blocks for the semantics defined later in the paper. They will also give some more insight into the structure of $\mathit{ISubst}_\sim$. To ease notation, we often omit braces from the sets of variables of interest when they are given extensionally. So we write $[\theta]_{x,y}$ instead of $[\theta]_{\{x,y\}}$ and $\sim_{x,y,z}$ instead of $\sim_{\{x,y,z\}}$. When the set of variables of interest is clear from the context or it is not relevant, it will be omitted. Finally, we omit the braces which enclose the bindings of a substitution when it occurs inside an equivalence class, i.e., we write $[x/y]_U$ instead of $[\{x/y\}]_U$.

3.2.1 Projection

We define an operator which projects an element of $\mathit{ISubst}_\sim$ on a given set of variables $V$, given by

$\pi_V([\sigma]_U) = [\sigma]_{U \cap V}$ , (5)

which can be easily proved to be well-defined. Moreover, the following properties hold:

1. $\pi_U \circ \pi_V = \pi_{U \cap V}$;

2. $\pi_U([\sigma]_U) = [\sigma]_U$;

3. $\pi_V$ is monotonic w.r.t. $\preceq$.





3.2.2 Renaming

Another useful operation on classes of substitutions is renaming. We first define the application of a renaming $\rho \in \mathit{Ren}$ to a substitution $\theta \in \mathit{Subst}$ as

$\rho(\theta) = \{\rho(x)/\rho(\theta(x)) \mid x \in \mathrm{dom}(\theta)\}$ . (6)

Intuitively, we treat $\theta$ as a syntactic object and apply the renaming to both left and right hand sides. Note that $\rho(\theta)$ can be equivalently defined as $\rho \circ \theta \circ \rho^{-1}$.

Proposition 3.8

Given $\rho \in \mathit{Ren}$ and $\theta \in \mathit{Subst}$ it holds that $\rho(\theta) = \rho \circ \theta \circ \rho^{-1}$.

Proof

Let $\theta' = \rho(\theta)$. Since $y \neq \theta(y)$ for all $y \in \mathrm{dom}(\theta)$, then $\rho(y) \neq \rho(\theta(y))$ by injectivity of $\rho$. It follows that $\mathrm{dom}(\theta') = \rho(\mathrm{dom}(\theta))$. We now prove that, for each $x \in \mathcal{V}$, $\theta'(x) = \rho(\theta(\rho^{-1}(x)))$. We distinguish two cases.

• If $x \notin \mathrm{dom}(\theta')$, it follows that $x \notin \rho(\mathrm{dom}(\theta))$ and thus $\rho^{-1}(x) \notin \mathrm{dom}(\theta)$. As a consequence, $\rho(\theta(\rho^{-1}(x))) = \rho(\rho^{-1}(x)) = x = \theta'(x)$.

• If $x \in \mathrm{dom}(\theta')$, then $y = \rho^{-1}(x) \in \mathrm{dom}(\theta)$ and $\theta'(x) = \rho(\theta(y))$. Therefore $\rho(\theta(\rho^{-1}(x))) = \rho(\theta(y)) = \theta'(x)$. $\square$

We may lift this definition to classes of substitutions in the standard way as follows:

$\rho([\sigma]_U) = [\rho(\sigma)]_{\rho(U)}$ . (7)

For example, let $\sigma = \{x/k, y/t(z,k)\}$, $U = \{x,y,z\}$ and consider the renaming:

$\rho = \{x/u, u/x, y/z, z/y, k/h, h/k\}$ .

If we apply $\rho$ to $[\sigma]_U$ we obtain $\rho([\sigma]_U) = [\{u/h, z/t(y,h)\}]_{u,y,z}$. Note that we do not need to worry about variable clashes.

Theorem 3.9

The renaming operation is well defined.

Proof

It is enough to prove monotonicity w.r.t. the preorder $\preceq_U$. Given $\theta_1, \theta_2 \in \mathit{Subst}$ such that $\theta_1 \preceq_U \theta_2$, we prove that $\rho(\theta_1) \preceq_{\rho(U)} \rho(\theta_2)$. By Prop. 3.8 we need to show that $\rho \circ \theta_1 \circ \rho^{-1} \preceq_{\rho(U)} \rho \circ \theta_2 \circ \rho^{-1}$, which is equivalent to $\theta_1 \circ \rho^{-1} \preceq_{\rho(U)} \theta_2 \circ \rho^{-1}$ thanks to Prop. 3.6. By hypothesis, there exists a substitution $\delta \in \mathit{Subst}$ such that $\theta_1(x) = \delta(\theta_2(x))$ for all $x \in U$. Therefore, for all $v \in \rho(U)$, it holds that $\theta_1(\rho^{-1}(v)) = \delta(\theta_2(\rho^{-1}(v)))$, which is the thesis. $\square$

Several properties hold for the renaming operation:

1. $(\rho_1 \circ \rho_2)([\theta]_U) = \rho_1(\rho_2([\theta]_U))$;

2. $\rho$ is monotonic w.r.t. $\preceq$;

3. $\rho(\pi_V([\theta]_U)) = \pi_{\rho(V)}(\rho([\theta]_U))$;

4. $\rho_1([\theta]_U) = \rho_2([\theta]_U)$ if $\rho_1|_U = \rho_2|_U$.

We just prove the last two, since the first is trivial and the second one immediately follows from the proof of Theorem 3.9. Note that the first point implies that $\rho : \mathit{ISubst}_\sim \to \mathit{ISubst}_\sim$ is invertible.
Proposition 3.10

Renaming is a congruence w.r.t. $\pi$, i.e.,

$\rho(\pi_V([\theta]_U)) = \pi_{\rho(V)}(\rho([\theta]_U))$

for $[\theta]_U \in \mathit{ISubst}_\sim$ and $\rho \in \mathit{Ren}$.

Proof

By definition $\rho(\pi_V([\theta]_U)) = \rho([\theta]_{U \cap V}) = [\rho(\theta)]_{\rho(U \cap V)}$. Since $\rho$ is bijective, $\rho(U \cap V) = \rho(U) \cap \rho(V)$ and therefore $\rho(\pi_V([\theta]_U)) = \pi_{\rho(V)}([\rho(\theta)]_{\rho(U)}) = \pi_{\rho(V)}(\rho([\theta]_U))$, which concludes the proof. $\square$

Proposition 3.11

Renaming only depends on the variables of interest, i.e., if $\rho_1, \rho_2 \in \mathit{Ren}$, $[\theta]_U \in \mathit{ISubst}_\sim$ and $\rho_1|_U = \rho_2|_U$, then $\rho_1([\theta]_U) = \rho_2([\theta]_U)$. In particular, if $\rho_1|_U = \mathit{id}$, then $\rho_1([\theta]_U) = [\theta]_U$.

Proof

Let us denote $\rho_1(U) = \rho_2(U)$ by $W$. We need to prove that $\rho_1(\theta) \sim_W \rho_2(\theta)$. It is obvious that $\rho_1^{-1}|_W = \rho_2^{-1}|_W$. Therefore, given $\rho = \rho_1 \circ \rho_2^{-1}$, we have that for each $x \in W$, $\rho(\rho_2(\theta)(x)) = \rho(\rho_2(\theta(\rho_2^{-1}(x)))) = \rho_1(\theta(\rho_1^{-1}(x))) = \rho_1(\theta)(x)$. $\square$

3.2.3 Unification

Given $U, V \in \mathcal{P}_f(\mathcal{V})$ and $[\theta_1]_U, [\theta_2]_V \in \mathit{ISubst}_\sim$, we define the most general unifier between these two classes as the mgu of suitably chosen representatives, where variables not of interest are renamed apart. In formulas:

$\mathrm{mgu}([\theta_1]_U, [\theta_2]_V) = [\mathrm{mgu}(\theta_1', \theta_2')]_{U \cup V}$ (8)

where $\theta_1 \sim_U \theta_1' \in \mathit{ISubst}$, $\theta_2 \sim_V \theta_2' \in \mathit{ISubst}$ and $(U \cup \mathrm{vars}(\theta_1')) \cap (V \cup \mathrm{vars}(\theta_2')) \subseteq U \cap V$. The last condition is needed to avoid variable clashes between the chosen representatives $\theta_1'$ and $\theta_2'$.

Example 3.12

Let $\theta_1 = \{x/a, y/t(v_1, v_1, v_2)\}$ and $\theta_2 = \{y/t(a, v_2, v_1), z/b\}$. Then

$\mathrm{mgu}([\theta_1]_{x,y}, [\theta_2]_{y,z}) = [\{x/a, y/t(a,a,v), z/b\}]_{x,y,z}$

by choosing $\theta_1' = \theta_1$ and $\theta_2' = \{y/t(a, w, v), z/b\}$. In this case we have

$\{x/a, y/t(a,a,v), z/b\} \sim_{x,y,z} \mathrm{mgu}(\theta_1', \theta_2') = \{x/a, y/t(a,a,v), z/b, v_1/a, w/a, v_2/v\}$ . $\square$

We may prove that mgu over $\mathit{ISubst}_\sim$ is well defined and that $\mathrm{mgu}([\theta_1]_U, [\theta_2]_V)$ is the greatest lower bound of $[\theta_1]_U$ and $[\theta_2]_V$ w.r.t. $\preceq$.

Theorem 3.13

mgu is well-defined.
Proof

We begin by proving that, given $\theta_1, \theta_1', \theta_2 \in \mathit{ISubst}$, if $\theta_1 \sim_U \theta_1'$ with $(U \cup \mathrm{vars}(\theta_1)) \cap (V \cup \mathrm{vars}(\theta_2)) \subseteq U \cap V$ and $(U \cup \mathrm{vars}(\theta_1')) \cap (V \cup \mathrm{vars}(\theta_2)) \subseteq U \cap V$, then $\mathrm{mgu}(\theta_1, \theta_2) \sim_{U \cup V} \mathrm{mgu}(\theta_1', \theta_2)$. We have the following equalities:

$\mathrm{mgu}(\theta_1, \theta_2)$
$\quad \sim_{U \cup V} \mathrm{mgu}(\theta_1, \theta_2)|_{U \cup V}$
$\quad = \mathrm{mgu}(\theta_1|_U, \theta_2, \theta_1|_{-U})|_{U \cup V}$
$\quad = (\mathrm{mgu}(\theta_1|_U, \theta_2) \circ \theta_1|_{-U})|_{U \cup V}$
$\quad = \mathrm{mgu}(\theta_1|_U, \theta_2)|_{U \cup V}$ .

In the last step, we use the fact that $\mathrm{dom}(\theta_1|_{-U})$ is disjoint from $\mathrm{vars}(\theta_1|_U)$ by idempotency of $\theta_1$ and it is disjoint from $\mathrm{vars}(\theta_2)$ by the assumption $(U \cup \mathrm{vars}(\theta_1)) \cap (V \cup \mathrm{vars}(\theta_2)) \subseteq U \cap V$. Since $\theta_1 \sim_U \theta_1'$, there exists $\rho \in \mathit{Ren}$ such that $(\rho \circ \theta_1')|_U = \theta_1|_U$. The restriction of $\rho$ to $\mathrm{vars}(\theta_1'|_U)$ is an injective map of variables whose range is $\mathrm{vars}(\theta_1|_U)$. By applying Lemma 3.4 it follows that we may choose a $\rho$ such that $\mathrm{vars}(\rho) \subseteq \theta_1(U) \cup \theta_1'(U) \subseteq \mathrm{vars}(\theta_1) \cup \mathrm{vars}(\theta_1') \cup U$. Then $\mathrm{vars}(\rho) \cap V \subseteq U$. We have:

$\mathrm{mgu}(\theta_1|_U, \theta_2)|_{U \cup V}$
$\quad = \mathrm{mgu}((\rho \circ \theta_1')|_U, \theta_2)|_{U \cup V}$
$\quad = (\mathrm{mgu}((\rho \circ \theta_1')|_U, \theta_2) \circ \theta')|_{U \cup V}$ [for each $\theta'$ s.t. $\mathrm{dom}(\theta') \cap (U \cup V) = \emptyset$]
$\quad = \mathrm{mgu}((\rho \circ \theta_1')|_U, \theta_2, (\rho \circ \theta_1')|_{-U})|_{U \cup V}$ [by choosing $\theta' = (\rho \circ \theta_1')|_{-U}$]
$\quad = \mathrm{mgu}(\rho \circ \theta_1', \theta_2)|_{U \cup V}$
$\quad = (\rho \circ \mathrm{mgu}(\theta_1', \theta_2))|_{U \cup V}$ [by (Palamidessi 1990, Theorem 5.10)]
$\quad \sim_{U \cup V} \mathrm{mgu}(\theta_1', \theta_2)|_{U \cup V}$ [by Prop. 3.6]
$\quad \sim_{U \cup V} \mathrm{mgu}(\theta_1', \theta_2)$ ,

which proves the required property. Now, to prove the general theorem, assume there are $\theta_1 \sim_U \theta_1'$ and $\theta_2 \sim_V \theta_2'$ with $(U \cup \mathrm{vars}(\theta_1)) \cap (V \cup \mathrm{vars}(\theta_2)) \subseteq U \cap V$ and $(U \cup \mathrm{vars}(\theta_1')) \cap (V \cup \mathrm{vars}(\theta_2')) \subseteq U \cap V$. Then, consider a new substitution $\theta_1'' \sim_U \theta_1'$ such that $(U \cup \mathrm{vars}(\theta_1'')) \cap (V \cup \mathrm{vars}(\theta_2)) \subseteq U \cap V$ and $(U \cup \mathrm{vars}(\theta_1'')) \cap (V \cup \mathrm{vars}(\theta_2')) \subseteq U \cap V$, and repeatedly apply the previous property, obtaining

$\mathrm{mgu}(\theta_1, \theta_2) \sim_{U \cup V} \mathrm{mgu}(\theta_1'', \theta_2) \sim_{U \cup V} \mathrm{mgu}(\theta_1'', \theta_2') \sim_{U \cup V} \mathrm{mgu}(\theta_1', \theta_2')$ . $\square$

Note that, in the proof, the condition $(U \cup \mathrm{vars}(\theta_1')) \cap (V \cup \mathrm{vars}(\theta_2')) \subseteq U \cap V$ implies that $\mathrm{vars}(\theta_1') \cap V \subseteq U \cap V$ and $\mathrm{vars}(\theta_2') \cap U \subseteq U \cap V$. If we relax the condition to $\mathrm{vars}(\theta_1') \cap \mathrm{vars}(\theta_2') \subseteq U \cap V$ then this property no longer holds and mgu ceases to be well defined. This is actually the origin of the flaw in (Cortesi and Filé 1999) which we will examine in Section 8.2.

Example 3.14

Consider $\theta_1 = \{x/a\}$ and $\theta_2 = \{u/b\}$. Assume we have a relaxed definition of mgu as stated above. Then, to compute $\mathrm{mgu}([\theta_1]_x, [\theta_2]_{u,v})$ we may choose $\theta_1' = \theta_1$ and $\theta_2' = \theta_2$ to obtain $\{x/a, u/b\}$. But with the relaxed condition we might also choose $\theta_1' = \{x/a, v/a\}$ and $\theta_2' = \theta_2$, since it is true that $\mathrm{vars}(\theta_1') \cap \mathrm{vars}(\theta_2') = \emptyset$. However $\mathrm{mgu}(\theta_1', \theta_2') = \{x/a, v/a, u/b\} \not\sim_{x,u,v} \{x/a, u/b\}$. $\square$

Theorem 3.15

mgu is the greatest lower bound of $(\mathit{ISubst}_\sim, \preceq)$.

Proof

If $[\theta]_{U \cup V} = \mathrm{mgu}([\theta_1]_U, [\theta_2]_V)$, we may assume, without loss of generality, that $\theta = \mathrm{mgu}(\theta_1, \theta_2)$ and $\theta_1, \theta_2$ are canonical representatives. It immediately follows that $\theta \leq \theta_1$ and therefore $\theta \preceq_U \theta_1$. In the same way, $\theta \preceq_V \theta_2$.

Now, assume $[\eta]_{U \cup V} \preceq [\theta_1]_U$ and $[\eta]_{U \cup V} \preceq [\theta_2]_V$. We want to prove that $[\eta]_{U \cup V} \preceq [\theta]_{U \cup V}$. By definition of $\preceq$ there is a $\sigma_1$ such that $\eta(x) = \sigma_1(\theta_1(x))$ for each $x \in U$. We may choose $\sigma_1$ such that $\mathrm{dom}(\sigma_1) \subseteq \mathrm{rng}(\theta_1)$. In the same way, there is $\sigma_2$ such that $\mathrm{dom}(\sigma_2) \subseteq \mathrm{rng}(\theta_2)$ and $\eta(x) = \sigma_2(\theta_2(x))$ for each $x \in V$. We may define a new substitution $\sigma$ such that

$\sigma(x) = \begin{cases} \sigma_1(\theta_1(x)) & \text{if } x \in U \cup \mathrm{dom}(\sigma_1), \\ \sigma_2(\theta_2(x)) & \text{if } x \in V \cup \mathrm{dom}(\sigma_2), \\ x & \text{otherwise.} \end{cases}$

Note that this definition is correct, since the first two cases may occur simultaneously only if $x \in U \cap V$, which implies $\sigma_1(\theta_1(x)) = \sigma_2(\theta_2(x)) = \eta(x)$. It is easy to check that $\eta \sim_{U \cup V} \sigma$ and $\sigma = \sigma \circ \theta_1 = \sigma \circ \theta_2$. Therefore

$\eta \sim_{U \cup V} \sigma \leq \mathrm{mgu}(\theta_1, \theta_2) = \theta$ ,

i.e., $\eta \preceq_{U \cup V} \theta$, which proves the thesis. $\square$

We now give some properties which relate the mgu with the other operations on $\mathit{ISubst}_\sim$, namely renaming and projection.

Proposition 3.16

$\rho$ is a congruence w.r.t. unification. In formulas, if $E$ is a set of equations and $[\theta_1]_{U_1}, [\theta_2]_{U_2} \in \mathit{ISubst}_\sim$, then it holds that:

• $\mathrm{mgu}(\rho(E)) = \rho(\mathrm{mgu}(E))$;

• $\rho(\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2})) = \mathrm{mgu}(\rho([\theta_1]_{U_1}), \rho([\theta_2]_{U_2}))$.

Proof

The first property is trivial since the unification algorithm does not depend on the actual names of variables. Therefore, to prove the second property, we only need to check that $\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2}) = [\mathrm{mgu}(\theta_1', \theta_2')]_{U_1 \cup U_2}$ (according to Eq. (8)) implies $\mathrm{mgu}(\rho([\theta_1]_{U_1}), \rho([\theta_2]_{U_2})) = [\mathrm{mgu}(\rho(\theta_1'), \rho(\theta_2'))]_{\rho(U_1) \cup \rho(U_2)}$. First of all, since $\theta_1' \sim_{U_1} \theta_1$, then $\rho(\theta_1') \sim_{\rho(U_1)} \rho(\theta_1)$, by Theorem 3.9. With the same reasoning, we obtain that $\rho(\theta_2') \sim_{\rho(U_2)} \rho(\theta_2)$. Then, we prove that $(\rho(U_1) \cup \mathrm{vars}(\rho(\theta_1'))) \cap (\rho(U_2) \cup \mathrm{vars}(\rho(\theta_2'))) \subseteq \rho(U_1) \cap \rho(U_2)$. It is obvious that $\rho(\mathrm{vars}(\theta)) = \mathrm{vars}(\rho(\theta))$. Therefore, since $\rho$ is bijective,

$(\rho(U_1) \cup \mathrm{vars}(\rho(\theta_1'))) \cap (\rho(U_2) \cup \mathrm{vars}(\rho(\theta_2'))) = \rho((U_1 \cup \mathrm{vars}(\theta_1')) \cap (U_2 \cup \mathrm{vars}(\theta_2'))) \subseteq \rho(U_1 \cap U_2) = \rho(U_1) \cap \rho(U_2)$ . $\square$
Proposition 3.17

Given a set of variables $V$ and $[\theta_1]_{U_1}, [\theta_2]_{U_2} \in \mathit{ISubst}_\sim$, we have that

$\pi_V(\mathrm{mgu}(\pi_V([\theta_1]_{U_1}), [\theta_2]_{U_2})) = \mathrm{mgu}(\pi_V([\theta_1]_{U_1}), \pi_V([\theta_2]_{U_2}))$ .

Proof

First observe that $\pi_V(\mathrm{mgu}(\pi_V([\theta_1]_{U_1}), [\theta_2]_{U_2})) = [\theta]_{V \cap ((V \cap U_1) \cup U_2)} = [\theta]_{V \cap (U_1 \cup U_2)}$, where $\theta = \mathrm{mgu}(\theta_1', \theta_2')$, $\theta_1'$ and $\theta_2'$ are canonical representatives of $[\theta_1]_{V \cap U_1}$ and $[\theta_2]_{U_2}$, and $\mathrm{vars}(\theta_1') \cap \mathrm{vars}(\theta_2') \subseteq V \cap U_1 \cap U_2$. Note that $\theta_2' \sim_{U_2} \theta_2$ and therefore $\theta_2' \sim_{V \cap U_2} \theta_2$. Moreover $(\mathrm{vars}(\theta_1') \cup (V \cap U_1)) \cap (\mathrm{vars}(\theta_2') \cup (V \cap U_2)) \subseteq V \cap U_1 \cap U_2$, and therefore $\theta_1'$ and $\theta_2'$ are valid representatives to compute $\mathrm{mgu}(\pi_V([\theta_1]_{U_1}), \pi_V([\theta_2]_{U_2}))$ according to (8). Therefore $[\theta]_{V \cap (U_1 \cup U_2)} = \mathrm{mgu}(\pi_V([\theta_1]_{U_1}), \pi_V([\theta_2]_{U_2}))$ and this proves the thesis. $\square$

Thanks to the above properties, the algebraic structure of the domain $\mathit{ISubst}_\sim$ is very similar to (locally finite) cylindric algebras (Henkin et al. 1971). In particular, if the unit element is defined as $[\epsilon]_\emptyset$, the diagonal elements are given by the substitutions $[x/y]_{\{x,y\}}$ and cylindrification is defined as $c_x([\theta]_V) = \pi_{V \setminus \{x\}}([\theta]_V)$, then these operators satisfy the axioms defining a cylindric algebra. The fundamental difference is that the underlying set $\mathit{ISubst}_\sim$ is not a boolean algebra.

It would be possible, as in (Palamidessi 1990), to define a "least common anti-instance" operator which corresponds to the least upper bound in $\mathit{ISubst}_\sim$. However, since it is not used in the semantic framework we are going to describe, we omit the definition of this operator.


4 Concrete Semantics

Since we are interested in goal-dependent analysis of logic programs, we need a goal-dependent semantics which is well suited for static analysis, i.e., a collecting semantics over computed answers. Unfortunately, using a collecting goal-dependent semantics may lead to a loss of precision already at the concrete level, as shown by Marriott et al. (1994). It is possible to reduce the impact of this problem by using two different operators for forward and backward unification. In particular, it turns out that backward unification may be realized using the operation of matching between substitutions (Bruynooghe 1991; Le Charlier et al. 1991). We follow the same approach and define a new denotational framework based on existential substitutions and inspired by (Cortesi et al. 199…).


4.1 Concrete Domain

We start by defining the concrete domain for the semantics. A concrete object is essentially a set of existential substitutions with a fixed set of variables of interest. In formulas:

$\mathit{Psub} = \{[\Theta, U] \mid \Theta \subseteq \mathit{ISubst}_{\sim_U},\ U \in \mathcal{P}_f(\mathcal{V})\} \cup \{\top_{\mathit{Ps}}, \bot_{\mathit{Ps}}\}$

where $\top_{\mathit{Ps}}$ and $\bot_{\mathit{Ps}}$ are the top and bottom elements respectively and

$[\Theta_1, U_1] \sqsubseteq_{\mathit{Ps}} [\Theta_2, U_2] \iff U_1 = U_2 \text{ and } \Theta_1 \subseteq \Theta_2$ .

The notation we adopt may appear clumsy, since the set of variables of interest $U$ in $[\Theta, U]$ may be derived from $\Theta$. However, when we move to the abstract domain, we need to explicitly keep track of this set $U$. By using $[\Theta, U]$ in $\mathit{Psub}$, we want to keep a consistent notation for both concrete and abstract domains.

It turns out that $(\mathit{Psub}, \sqsubseteq_{\mathit{Ps}})$ is a complete lattice, and we denote by $\sqcup_{\mathit{Ps}}$ its least upper bound, which is given by

$\top_{\mathit{Ps}} \sqcup_{\mathit{Ps}} x = x \sqcup_{\mathit{Ps}} \top_{\mathit{Ps}} = \top_{\mathit{Ps}}$
$\bot_{\mathit{Ps}} \sqcup_{\mathit{Ps}} x = x \sqcup_{\mathit{Ps}} \bot_{\mathit{Ps}} = x$
$[\Theta_1, U_1] \sqcup_{\mathit{Ps}} [\Theta_2, U_2] = \begin{cases} [\Theta_1 \cup \Theta_2, U_1] & \text{if } U_1 = U_2, \\ \top_{\mathit{Ps}} & \text{otherwise.} \end{cases}$ (9)

We now define the main operations over $\mathit{Psub}$, that is: projection on a set of variables, unification of an object with a single substitution and the operation for matching two objects of $\mathit{Psub}$. All the operations are strict: when one of the arguments is $\bot_{\mathit{Ps}}$ the result is $\bot_{\mathit{Ps}}$. If no argument is $\bot_{\mathit{Ps}}$ and at least one of the arguments is $\top_{\mathit{Ps}}$ the result is $\top_{\mathit{Ps}}$. Therefore, in the following, we will omit the cases for the objects $\bot_{\mathit{Ps}}$ and $\top_{\mathit{Ps}}$.

Given $[\Theta, U] \in \mathit{Psub}$ and $V \subseteq \mathcal{V}$, we define the projection of $[\Theta, U]$ on the set of variables $V$ as

$\pi_{\mathit{Ps}}([\Theta, U], V) = [\{\pi_V([\sigma]_U) \mid [\sigma]_U \in \Theta\}, U \cap V]$ . (10)

The concrete unification $\mathrm{unif}_{\mathit{Ps}} : \mathit{Psub} \times \mathit{ISubst} \to \mathit{Psub}$ is given by:

$\mathrm{unif}_{\mathit{Ps}}([\Theta, U], \delta) = [\{\mathrm{mgu}([\sigma]_U, [\delta]_{\mathrm{vars}(\delta)}) \mid [\sigma]_U \in \Theta\}, U \cup \mathrm{vars}(\delta)]$ . (11)

The operations $\pi_{\mathit{Ps}}$ and $\mathrm{unif}_{\mathit{Ps}}$ are just the pointwise extensions of $\pi$ and mgu. Note that, in $\mathrm{unif}_{\mathit{Ps}}$, the argument $\delta$ may have variables which do not appear in $U$. This is not always the case in the literature. For example, in (Cortesi and Filé 1999; Bagnara et al. 2005) we find a variant of $\mathrm{unif}_{\mathit{Ps}}$ which only considers the case when $\mathrm{vars}(\delta) \subseteq U$. When this does not happen, the same effect is obtained by first enlarging the set of variables of interest $U$, and then applying unification. Although nothing changes at the concrete level, this gives a loss of precision when we move to the abstract side, since the composition of two optimal abstract operators is generally less precise than the optimal abstract counterpart of the whole $\mathrm{unif}_{\mathit{Ps}}$ (see Section 6).

Finally, we define the matching operation. The idea is to design an operator which performs unification between two substitutions $[\theta_1]_{U_1}$ and $[\theta_2]_{U_2}$ only if the process of unification does not instantiate the first substitution. In other words, we require that if we compute $\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2})$ and we only observe variables in $U_1$, that is $\pi_{U_1}(\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2}))$, then we obtain exactly $[\theta_1]_{U_1}$. The next proposition shows this is equivalent to requiring that $\theta_1 \preceq_{U_1 \cap U_2} \theta_2$.


Proposition 4.1

Given two existential substitutions $[\theta_1]_{U_1}, [\theta_2]_{U_2}$, we have that $\theta_1 \preceq_{U_1 \cap U_2} \theta_2$ iff $[\theta_1]_{U_1} = \pi_{U_1}(\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2}))$.

Proof

By Prop. 3.17 we obtain $\pi_{U_1}(\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2})) = \mathrm{mgu}(\pi_{U_1}([\theta_1]_{U_1}), \pi_{U_1}([\theta_2]_{U_2})) = \mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_1 \cap U_2})$. Since mgu is the greatest lower bound of $\mathit{ISubst}_\sim$, we have that $[\theta_1]_{U_1} = \mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_1 \cap U_2})$ iff $[\theta_1]_{U_1} \preceq [\theta_2]_{U_1 \cap U_2}$ which, by definition, is equivalent to $\theta_1 \preceq_{U_1 \cap U_2} \theta_2$. $\square$

We can now define the matching operator $\mathrm{match}_{\mathit{Ps}} : \mathit{Psub} \times \mathit{Psub} \to \mathit{Psub}$ as follows:

$\mathrm{match}_{\mathit{Ps}}([\Theta_1, U_1], [\Theta_2, U_2]) = [\{\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2}) \mid \theta_1 \preceq_{U_1 \cap U_2} \theta_2,\ [\theta_1]_{U_1} \in \Theta_1,\ [\theta_2]_{U_2} \in \Theta_2\}, U_1 \cup U_2]$ . (12)

The above operator allows us to unify all the pairs of substitutions $[\theta_1]_{U_1} \in \Theta_1$ and $[\theta_2]_{U_2} \in \Theta_2$, under the condition that the common variables in $U_1$ and $U_2$ may not be further instantiated w.r.t. their values in $\theta_1$.

Example 4.2

Let $\Theta_1 = \{[x/y]_{x,y}\}$ and $\Theta_2 = \{[u/x]_{u,x}, [x/t(u)]_{u,x}\}$. Then

$\mathrm{match}_{\mathit{Ps}}([\Theta_1, \{x,y\}], [\Theta_2, \{u,x\}]) = [\{[x/y, u/y]_{x,y,u}\}, \{x,y,u\}]$ .

Note that $[y/t(u), x/t(u)]_{u,x,y}$, obtained by unifying $[x/y]_{x,y}$ with $[x/t(u)]_{u,x}$, is not in the result of matching. This is because $[x/t(u)]_{u,x}$ is strictly more instantiated than $[x/y]_{x,y}$ w.r.t. the variable $x$ and therefore $\{x/y\} \not\preceq_x \{x/t(u)\}$. $\square$

Proposition 4.3

The operations $\pi_{\mathit{Ps}}$, $\mathrm{unif}_{\mathit{Ps}}$ and $\mathrm{match}_{\mathit{Ps}}$ are continuous over $\mathit{Psub}$.

Proof

Trivial from their definitions. If we do not consider the element $\top_{\mathit{Ps}}$, they are actually additive. $\square$
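The operators of Eq. (8) and Eq. (12) run on concrete terms, as an added Python example (not the paper's code): it reproduces Example 3.12, the relaxed-condition failure of Example 3.14, the equivalence checks of Section 3.1 and the matching of Example 4.2. The encoding of variables, terms and substitutions is an assumption of the example.

```python
"""Existential substitutions: mgu of classes [θ1]_U, [θ2]_V (Eq. 8) and the
matching operator match_Ps (Eq. 12). Added example, not the paper's own code.
Assumed encoding: a variable is a str, a term f(t1,..,tn) is the tuple
('f', t1, .., tn), a constant a is ('a',), a substitution is a dict var -> term."""
from itertools import count

def vars_of(t):
    """Variables occurring in a term."""
    if isinstance(t, str):
        return {t}
    return set().union(*(vars_of(a) for a in t[1:]))

def vars_of_sub(theta):
    """vars(θ) = dom(θ) ∪ vars(rng(θ))."""
    return set(theta).union(*(vars_of(t) for t in theta.values()))

def apply(theta, t):
    """θ(t) for an idempotent θ: one pass suffices, no bound variable reappears."""
    if isinstance(t, str):
        return theta.get(t, t)
    return (t[0],) + tuple(apply(theta, a) for a in t[1:])

def unify(eqs):
    """Syntactic unification with occurs check: returns an idempotent mgu of the
    equations (a dict) or None when they have no unifier."""
    sub, todo = {}, list(eqs)
    while todo:
        s, t = (apply(sub, side) for side in todo.pop())
        if s == t:
            continue
        if isinstance(s, str) or isinstance(t, str):
            v, term = (s, t) if isinstance(s, str) else (t, s)
            if v in vars_of(term):            # occurs check: x = f(x) is unsolvable
                return None
            sub = {k: apply({v: term}, w) for k, w in sub.items()}  # keep sub idempotent
            sub[v] = term
        elif s[0] == t[0] and len(s) == len(t):
            todo.extend(zip(s[1:], t[1:]))
        else:
            return None                       # functor or arity clash
    return sub

_fresh = count()

def rename_apart(theta, U, avoid):
    """A representative θ' ~_U θ whose variables outside U are fresh (not in
    `avoid`): variables not of interest are existentially quantified, so
    renaming them does not change the class [θ]_U."""
    avoid = set(avoid) | vars_of_sub(theta)
    ren = {}
    for v in sorted(vars_of_sub(theta) - set(U)):
        while (f := f"_{v}{next(_fresh)}") in avoid:
            pass
        ren[v] = f
    return {apply(ren, x): apply(ren, t) for x, t in theta.items()}

def mgu_class(theta1, U, theta2, V):
    """mgu([θ1]_U, [θ2]_V) = [mgu(θ1', θ2')]_{U ∪ V}, Eq. (8). The representatives
    are renamed apart so that (U ∪ vars θ1') ∩ (V ∪ vars θ2') ⊆ U ∩ V; without this
    side condition the result depends on the representatives (Example 3.14)."""
    t1 = rename_apart(theta1, U, set(V) | vars_of_sub(theta2))
    t2 = rename_apart(theta2, V, set(U) | vars_of_sub(t1))
    mgu = unify(list(t1.items()) + list(t2.items()))
    if mgu is None:
        return None
    W = set(U) | set(V)
    return {x: apply(mgu, x) for x in W if apply(mgu, x) != x}  # restricted to U ∪ V

def _match(pattern, target, delta):
    """Extend `delta` so that δ(pattern) = target; False if impossible."""
    if isinstance(pattern, str):
        return delta.setdefault(pattern, target) == target
    return (not isinstance(target, str) and pattern[0] == target[0]
            and len(pattern) == len(target)
            and all(_match(p, t, delta) for p, t in zip(pattern[1:], target[1:])))

def instance_of(theta1, theta2, W):
    """θ1 ≼_W θ2: some δ with θ1(x) = δ(θ2(x)) for all x in W (Prop. 4.1)."""
    delta = {}
    return all(_match(apply(theta2, x), apply(theta1, x), delta) for x in W)

def equivalent(theta1, theta2, W):
    """θ1 ~_W θ2: θ1 ≼_W θ2 where δ is an injective map on variables, which
    extends to a renaming (Lemma 3.4)."""
    delta = {}
    if not all(_match(apply(theta2, x), apply(theta1, x), delta) for x in W):
        return False
    imgs = list(delta.values())
    return all(isinstance(t, str) for t in imgs) and len(set(imgs)) == len(imgs)

def match_ps(Theta1, U1, Theta2, U2):
    """match_Ps([Θ1,U1],[Θ2,U2]), Eq. (12): unify every pair, keeping only those
    where θ1 is not instantiated by θ2 on the common variables of interest."""
    W = set(U1) & set(U2)
    return [mgu_class(t1, U1, t2, U2) for t1 in Theta1 for t2 in Theta2
            if instance_of(t1, t2, W)]
```

Example 3.12 is `mgu_class({"x": ("a",), "y": ("t", "v1", "v1", "v2")}, {"x", "y"}, {"y": ("t", ("a",), "v2", "v1"), "z": ("b",)}, {"y", "z"})`, whose result is `{x/a, y/t(a,a,v), z/b}` up to the name of `v`; Example 4.2 is `match_ps([{"x": "y"}], {"x", "y"}, [{"u": "x"}, {"x": ("t", "u")}], {"u", "x"})`.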


4.2 Semantics

Using the operators defined so far, we introduce a denotational semantics for logic programs. It computes, for a given goal $G$, the set of computed answers for a program w.r.t. $G$ modulo the equivalence relation $\sim_{\mathrm{vars}(G)}$. It is a goal-dependent collecting semantics (Cousot and Cousot 1994), in that it works by computing the set of possible entry and exit substitutions at each point in the program.

We call denotation an element in the set of continuous maps:

$\mathit{Den} = \mathit{Atoms} \to \mathit{Psub} \to \mathit{Psub}$ . (13)

We have the following semantic functions:

$\mathcal{P} : \mathit{Progs} \to \mathit{Den}$
$\mathcal{C} : \mathit{Clauses} \to \mathit{Den} \to \mathit{Den}$
$\mathcal{B} : \mathit{Bodies} \to \mathit{Den} \to \mathit{Psub} \to \mathit{Psub}$ .
The corresponding definitions¹, given $d \in \mathit{Den}$ and $x \in \mathit{Psub}$, are

$\mathcal{P}\llbracket P \rrbracket = \mathrm{lfp}\ \lambda d.\ \bigsqcup_{\mathit{Ps},\, cl \in P} \mathcal{C}\llbracket cl \rrbracket d$
$\mathcal{C}\llbracket H \leftarrow B \rrbracket d = \lambda A.\lambda x.\ \mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}(\mathcal{B}\llbracket B \rrbracket d\, (\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}(x, A, H)), x, H, A)$
$\mathcal{B}\llbracket \square \rrbracket d\, x = x$
$\mathcal{B}\llbracket A, B \rrbracket d\, x = \mathcal{B}\llbracket B \rrbracket d\, (d\, A\, x)$

defined by means of the following operators:

$\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}} : \mathit{Psub} \times \mathit{Atoms} \times \mathit{Atoms} \to \mathit{Psub}$ ,
$\mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}} : \mathit{Psub} \times \mathit{Psub} \times \mathit{Atoms} \times \mathit{Atoms} \to \mathit{Psub}$ .

$\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}$ and $\mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}$ are respectively the forward and backward unification (Muthukumar and Hermenegildo 1992). They are used according to the following pattern:

• the forward unification, in order to compute the set of entry substitutions $\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}(x, A, H)$ from the set of call substitutions $x$;

• the backward unification, in order to compute the set of answer substitutions $\mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}(\mathcal{B}\llbracket B \rrbracket d\, (\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}(x, A, H)), x, H, A)$ starting from the set of exit substitutions $\mathcal{B}\llbracket B \rrbracket d\, (\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}(x, A, H))$.

The formal definitions of $\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}$ and $\mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}$ are the following:

$\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}([\Theta, U], A_1, A_2) = \pi_{\mathit{Ps}}(\mathrm{unif}_{\mathit{Ps}}(\rho([\Theta, U]), \mathrm{mgu}(\rho(A_1) = A_2)), \mathrm{vars}(A_2))$ , (14)

where $\rho$ is a renaming such that $\rho(U \cup \mathrm{vars}(A_1)) \cap \mathrm{vars}(A_2) = \emptyset$ and $\rho([\Theta, U]) = [\{\rho([\sigma]_U) \mid [\sigma]_U \in \Theta\}, \rho(U)]$ is the obvious lifting of renamings from $\mathit{ISubst}_\sim$ to $\mathit{Psub}$.

$\mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}([\Theta_1, U_1], [\Theta_2, U_2], A_1, A_2) = \pi_{\mathit{Ps}}(\mathrm{match}_{\mathit{Ps}}(\rho([\Theta_1, U_1]), \mathrm{unif}_{\mathit{Ps}}([\Theta_2, U_2], \mathrm{mgu}(\rho(A_1) = A_2))), U_2 \cup \mathrm{vars}(A_2))$ (15)

where $\rho$ is a renaming such that $\rho(U_1 \cup \mathrm{vars}(A_1)) \cap (U_2 \cup \mathrm{vars}(A_2)) = \emptyset$. If $\rho(A_1)$ and $A_2$ do not unify, the result of both operations is assumed to be $\bot_{\mathit{Ps}}$.


Example 4.4

Consider the goal $p(x,y,z)$ with $y = f(x,z)$ and the trivial program $P$ with just one clause

p(u,v,w).

We first compute the concrete semantics $\mathcal{P}\llbracket P \rrbracket = \mathrm{lfp}\ \lambda d.\ \mathcal{C}\llbracket p(u,v,w) \leftarrow \square \rrbracket d$. According to the semantic definition, we have that:

$\mathcal{C}\llbracket p(u,v,w) \leftarrow \square \rrbracket d = \lambda A.\lambda x.\ \mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}(\mathcal{B}\llbracket \square \rrbracket d\, (\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}(x, A, p(u,v,w))), x, p(u,v,w), A)$ .

¹ Here we use the lambda notation, writing $\mathrm{lfp}\ \lambda x.E(x)$ to denote the least fixed point of the function $f$ given by $f(x) = E(x)$.

Since $\mathcal{B}\llbracket \square \rrbracket d = \lambda x.x$, this is equivalent to

$\lambda A.\lambda x.\ \mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}(\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}(x, A, p(u,v,w)), x, p(u,v,w), A)$ ,

from which we immediately obtain the semantics of the program $P$:

$\mathcal{P}\llbracket P \rrbracket = \lambda A.\lambda x.\ \mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}(\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}(x, A, p(u,v,w)), x, p(u,v,w), A)$ .

We now compute the semantics of the goal $p(x,y,z)$ with $y = f(x,z)$. In order to improve readability, we will omit subscripts on classes of substitutions.

$\mathcal{P}\llbracket P \rrbracket\ p(x,y,z)\ [\{[y/f(x,z)]\}, \{x,y,z\}] = \mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}(\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}([\{[y/f(x,z)]\}, \{x,y,z\}], p(x,y,z), p(u,v,w)), [\{[y/f(x,z)]\}, \{x,y,z\}], p(u,v,w), p(x,y,z))$ .

We first compute the forward unification

$\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}([\{[y/f(x,z)]\}, \{x,y,z\}], p(x,y,z), p(u,v,w)) = [\{[u/x', v/f(x',z'), w/z']\}, \{u,v,w\}]$ ,

where we have renamed $x$ and $z$ to $x'$ and $z'$ to avoid ambiguities, although it is not needed. Now we can compute the semantics of the goal.

$\mathcal{P}\llbracket P \rrbracket\ p(x,y,z)\ [\{[y/f(x,z)]\}, \{x,y,z\}]$
$\quad = \mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}([\{[u/x', v/f(x',z'), w/z']\}, \{u,v,w\}], [\{[y/f(x,z)]\}, \{x,y,z\}], p(u,v,w), p(x,y,z))$
$\quad = \pi_{\mathit{Ps}}(\mathrm{match}_{\mathit{Ps}}([\{[u/x', v/f(x',z'), w/z']\}, \{u,v,w\}], [\{[u/x, v/f(x,z), w/z, y/f(x,z)]\}, \{u,v,w,x,y,z\}]), \{x,y,z\})$
$\quad = \pi_{\mathit{Ps}}([\{[u/x, v/f(x,z), w/z, y/f(x,z)]\}, \{u,v,w,x,y,z\}], \{x,y,z\})$
$\quad = [\{[y/f(x,z)]\}, \{x,y,z\}]$

Thus, we have only one computed answer substitution for the goal $p(x,y,z)$ with $y = f(x,z)$, which is $\{y/f(x,z)\}$. $\square$

Theorem 4.5

$\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}$ and $\mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}$ are well defined, in that they are independent from the choice of $\rho$. Moreover, they are continuous.

Proof

Continuity is trivial from their definition, therefore we only need to prove the independence from the choice of the renaming $\rho$. We only consider the case when none of the arguments is $\bot_{\mathit{Ps}}$ or $\top_{\mathit{Ps}}$, since otherwise the result is always $\bot_{\mathit{Ps}}$ or $\top_{\mathit{Ps}}$. Moreover, note that, given atoms $A_1$ and $A_2$, if $\rho_1$ and $\rho_2$ are renamings such that $\rho_i(\mathrm{vars}(A_1)) \cap \mathrm{vars}(A_2) = \emptyset$ for $i \in \{1,2\}$, then $\rho_1(A_1)$ and $A_2$ unify iff $\rho_2(A_1)$ and $A_2$ unify. Therefore, we can restrict ourselves to the case where the two atoms given as arguments, appropriately renamed, do unify. Otherwise, the result is always $\bot_{\mathit{Ps}}$. Observe that, by Prop. 3.16, given $\rho \in \mathit{Ren}$ and $[\theta_1]_{U_1}, [\theta_2]_{U_2} \in \mathit{ISubst}_\sim$, we have that $\rho(\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2})) = \mathrm{mgu}(\rho([\theta_1]_{U_1}), \rho([\theta_2]_{U_2}))$. By definition of $\mathrm{unif}_{\mathit{Ps}}$, it follows that $\rho(\mathrm{unif}_{\mathit{Ps}}([\Theta, U], \delta)) = \mathrm{unif}_{\mathit{Ps}}(\rho([\Theta, U]), \rho(\delta))$, since $\mathrm{vars}(\rho(\delta)) = \rho(\mathrm{vars}(\delta))$.

Let $\rho_1, \rho_2$ be renamings. We first show that

$\pi_{\mathit{Ps}}(\mathrm{unif}_{\mathit{Ps}}(\rho_1([\Theta, U]), \mathrm{mgu}(\rho_1(A_1) = A_2)), \mathrm{vars}(A_2)) = \pi_{\mathit{Ps}}(\mathrm{unif}_{\mathit{Ps}}(\rho_2([\Theta, U]), \mathrm{mgu}(\rho_2(A_1) = A_2)), \mathrm{vars}(A_2))$

provided that $\rho_i(U \cup \mathrm{vars}(A_1)) \cap \mathrm{vars}(A_2) = \emptyset$, for $i \in \{1,2\}$. Let $W = \rho_1(U \cup \mathrm{vars}(A_1))$ and $\delta = (\rho_2 \circ \rho_1^{-1})|_W$. Then $\delta$ may be viewed as an injective map from $\mathcal{V}$ to $\mathcal{V}$, since it is the composition of injective functions. By Lemma 3.4 there exists a renaming $\rho$ such that $\rho|_W = \delta$ and $\mathrm{vars}(\rho) = \mathrm{vars}(\delta) \subseteq W \cup \mathrm{rng}(\delta) \subseteq W \cup \rho_2(U \cup \mathrm{vars}(A_1))$. Observe that $\mathrm{vars}(\rho) \cap \mathrm{vars}(A_2) = \emptyset$ since, by hypothesis, for each $i \in \{1,2\}$ it is the case that $\rho_i(U \cup \mathrm{vars}(A_1)) \cap \mathrm{vars}(A_2) = \emptyset$. Thus the following equalities hold:

$\pi_{\mathit{Ps}}(\mathrm{unif}_{\mathit{Ps}}(\rho_1([\Theta, U]), \mathrm{mgu}(\rho_1(A_1) = A_2)), \mathrm{vars}(A_2))$
$\quad = \rho(\pi_{\mathit{Ps}}(\mathrm{unif}_{\mathit{Ps}}(\rho_1([\Theta, U]), \mathrm{mgu}(\rho_1(A_1) = A_2)), \mathrm{vars}(A_2)))$ [since $\rho|_{\mathrm{vars}(A_2)} = \mathit{id}$ and by Prop. 3.11]
$\quad = \pi_{\mathit{Ps}}(\rho(\mathrm{unif}_{\mathit{Ps}}(\rho_1([\Theta, U]), \mathrm{mgu}(\rho_1(A_1) = A_2))), \mathrm{vars}(A_2))$ [since $\rho$ is a congruence for $\pi_{\mathit{Ps}}$ by Prop. 3.10]
$\quad = \pi_{\mathit{Ps}}(\mathrm{unif}_{\mathit{Ps}}(\rho(\rho_1([\Theta, U])), \mathrm{mgu}(\rho(\rho_1(A_1)) = \rho(A_2))), \mathrm{vars}(A_2))$ [since $\rho$ is a congruence for $\mathrm{unif}_{\mathit{Ps}}$ by Prop. 3.16]
$\quad = \pi_{\mathit{Ps}}(\mathrm{unif}_{\mathit{Ps}}(\rho_2([\Theta, U]), \mathrm{mgu}(\rho_2(A_1) = A_2)), \mathrm{vars}(A_2))$ [since $(\rho \circ \rho_1)|_{U \cup \mathrm{vars}(A_1)} = \rho_2|_{U \cup \mathrm{vars}(A_1)}$, $\rho(A_2) = A_2$ and by Prop. 3.11].

We now show that $\mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}$ is independent from the choice of the renaming. First of all, note that by Prop. 3.16 and Theorem 3.9 the following holds:

$\rho(\mathrm{match}_{\mathit{Ps}}([\Theta_1, U_1], [\Theta_2, U_2])) = \mathrm{match}_{\mathit{Ps}}(\rho([\Theta_1, U_1]), \rho([\Theta_2, U_2]))$ .

Assume given $\rho_1, \rho_2 \in \mathit{Ren}$ such that $\rho_i(U_1 \cup \mathrm{vars}(A_1)) \cap (U_2 \cup \mathrm{vars}(A_2)) = \emptyset$, for $i \in \{1,2\}$. Let $W = \rho_1(U_1 \cup \mathrm{vars}(A_1))$ and $\delta = (\rho_2 \circ \rho_1^{-1})|_W$. As shown above, there exists $\rho \in \mathit{Ren}$ such that $\rho|_W = \delta$ and $\mathrm{vars}(\rho) = \mathrm{vars}(\delta) \subseteq W \cup \rho_2(U_1 \cup \mathrm{vars}(A_1))$. Observe that $\rho|_{U_2 \cup \mathrm{vars}(A_2)} = \mathit{id}$. Thus the following equalities hold, where $Z = U_2 \cup \mathrm{vars}(A_2)$:

$\pi_{\mathit{Ps}}(\mathrm{match}_{\mathit{Ps}}(\rho_1([\Theta_1, U_1]), \mathrm{unif}_{\mathit{Ps}}([\Theta_2, U_2], \mathrm{mgu}(\rho_1(A_1) = A_2))), Z)$
$\quad = \rho(\pi_{\mathit{Ps}}(\mathrm{match}_{\mathit{Ps}}(\rho_1([\Theta_1, U_1]), \mathrm{unif}_{\mathit{Ps}}([\Theta_2, U_2], \mathrm{mgu}(\rho_1(A_1) = A_2))), Z))$
$\quad = \pi_{\mathit{Ps}}(\mathrm{match}_{\mathit{Ps}}(\rho(\rho_1([\Theta_1, U_1])), \mathrm{unif}_{\mathit{Ps}}(\rho([\Theta_2, U_2]), \mathrm{mgu}(\rho(\rho_1(A_1)) = \rho(A_2)))), Z)$
$\quad = \pi_{\mathit{Ps}}(\mathrm{match}_{\mathit{Ps}}(\rho_2([\Theta_1, U_1]), \mathrm{unif}_{\mathit{Ps}}([\Theta_2, U_2], \mathrm{mgu}(\rho_2(A_1) = A_2))), Z)$ .

This concludes the proof of the theorem. $\square$

Theorem 4.6

All the semantic functions are well defined and continuous.

Proof

The proof is trivial since the semantic functions are obtained by composition, application, projection and tupling of continuous functions. Therefore, they are continuous and compute continuous denotations. Moreover, they do not depend on the choice of $\rho$ in $\mathrm{U}^{\mathit{fwd}}_{\mathit{Ps}}$ and $\mathrm{U}^{\mathit{bwd}}_{\mathit{Ps}}$, as proved in Theorem 4.5. $\square$

Note that several frameworks have been developed for logic programs, and not all of them use the same operators for forward and backward unification. We will discuss the benefits of our choices later, when we introduce the abstract operators, since the relative merits of the different proposals mainly arise when speaking about abstractions.


4.3 Correctness and Completeness

The semantics we have defined in this section is significant only to the extent that, by studying its properties, it is possible to derive some conclusions about the real operational behavior of logic programs. We said before that we consider as the relevant operational observable of our analysis the set of classes of computed answers for a goal. Therefore, the best we can expect from our collecting semantics is that it enables us to recover the set of computed answers for each goal. Our first theorem is a partial positive answer to this question.

Theorem 4.7

(Semantic Correctness) Given a program $P$ and a goal $G$, if $\theta$ is a computed answer for the goal $G$, then $\mathcal{B}\llbracket G \rrbracket (\mathcal{P}\llbracket P \rrbracket) [\{[\epsilon]\}, \mathrm{vars}(G)] \sqsupseteq_{\mathit{Ps}} [\{[\theta]\}, \mathrm{vars}(G)]$.

Proof

The proof, quite long and tedious, may be found in the Appendix. $\square$

Therefore, we know that all the computed answers may be obtained by our semantics. However, the opposite is not true: the semantics given in this paper, although more precise than a semantics which only uses unification, is not complete w.r.t. computed answers. Actually, Marriott et al. (1994, Section 5.5) give an example where a collecting goal-dependent semantics computes a substitution which is not a computed answer. When matching is used to compute the backward unification, as is the case in our framework, that example does not work anymore (see Example [?]).

However, even with the use of matching, the collecting semantics computes substitutions which are not computed answers. Consider the program $P$ given by the following clauses:

p(x,y) :- q(x).
q(x).

We want to compute $\mathcal{P}\llbracket P \rrbracket\ p(x,y)\ [\Theta, \{x,y\}]$ where $\Theta = \{[x/y], [x/a]\}$. It is easy to check that

$\mathcal{P}\llbracket P \rrbracket\ q(x)\ [A, \{x\}] = [A, \{x\}]$

for each $[A, \{x\}] \in \mathit{Psub}$. Therefore, this implies that

$\mathcal{P}\llbracket P \rrbracket\ p(x,y)\ [\Theta, \{x,y\}] = [\{[x/y], [x/a], [x/a, y/a]\}, \{x,y\}]$ .

The substitution $[x/a, y/a]$ arises from calling $q(x)$ with the substitution $[x/a]$ and matching the result with $[x/y]$, which is not forbidden by matching. However, there is no substitution in the class of $[\{x/a, y/a\}]_{x,y}$ which is a computed answer for the goal $p(x,y)$ in the program $P$ with entry substitution in $\Theta$.

This loss of precision is not relevant for downward-closed abstract domains, where goal-dependent collecting semantics are more precise than goal-independent ones. This is not the case for upward-closed abstract domains, where goal-independent semantics are more precise than goal-dependent ones. García de la Banda et al. (1998) deal with this topic and show several semantics which combine a goal-dependent and a goal-independent computation to improve precision under all the conditions.


5 Abstract Domain and Semantics

Several abstract domains have been used for analyses of sharing and aliasing. We use the domain $\mathit{Sharing}$ (Jacobs and Langen 1992; Cortesi and Filé 1999) which computes set-sharing information:

$\mathit{Sharing} = \{[A, U] \mid A \subseteq \wp(U),\ (A \neq \emptyset \Rightarrow \emptyset \in A),\ U \in \mathcal{P}_f(\mathcal{V})\} \cup \{\top_{\mathit{Sh}}, \bot_{\mathit{Sh}}\}$ .

Intuitively, an abstract object $[A, U]$ describes the relations between the variables in $U$: if $S \in A$, the variables in $S$ are allowed to share a common variable. For instance, $[\{\{x,y\}, \{z\}, \emptyset\}, \{x,y,z\}]$ represents the (equivalence classes of) substitutions where $x$ and $y$ may possibly share, while $z$ is independent from both $x$ and $y$: $\{x/y\}$ and $\epsilon$ are two of such substitutions while $\{x/z\}$ is not.

The domain is ordered like $\mathit{Psub}$, with $\top_{\mathit{Sh}}$ and $\bot_{\mathit{Sh}}$ as the greatest and least element respectively, and $[A_1, U_1] \sqsubseteq_{\mathit{Sh}} [A_2, U_2]$ iff $U_1 = U_2$ and $A_1 \subseteq A_2$. The least upper bound satisfies the following property:

$[A_1, U_1] \sqcup_{\mathit{Sh}} [A_2, U_2] = \begin{cases} [A_1 \cup A_2, U_1] & \text{if } U_1 = U_2, \\ \top_{\mathit{Sh}} & \text{otherwise.} \end{cases}$ (16)

To design the abstraction from $\mathit{Psub}$ to $\mathit{Sharing}$, we first define a map $\alpha_{\mathit{Sh}} : \mathit{ISubst}_\sim \to \mathit{Sharing}$ as

$\alpha_{\mathit{Sh}}([\sigma]_V) = [\{\mathrm{occ}(\sigma, y) \cap V \mid y \in \mathcal{V}\}, V]$ , (17)

where $\mathrm{occ}(\sigma, y) = \{z \in \mathcal{V} \mid y \in \mathrm{vars}(\sigma(z))\}$ is the set of variables $z$ such that $y$ occurs in $\sigma(z)$. For instance, $\mathrm{occ}(\{x/t(y,z), x'/z, y'/z'\}, z) = \{x, x', z\}$. We call sharing group an element of $\mathcal{P}_f(\mathcal{V})$.

We say that $x$ is independent from $y$ in $[\sigma]_V$ when, given $\alpha_{\mathit{Sh}}([\sigma]_V) = [S, V]$, there is no $X \in S$ such that $\{x,y\} \subseteq X$. Given $U \in \wp(\mathcal{V})$, we say that $x$ is independent from $U$ in $[\sigma]_V$ when it is independent from $y$ for each $y \in U$ different from $x$. Finally, $x$ is independent in $[\sigma]_V$ if it is independent from $V$ in $[\sigma]_V$.


Proposition 5.1

The map $\alpha_{\mathit{Sh}} : \mathit{ISubst}_\sim \to \mathit{Sharing}$ is well defined, i.e., it does not depend on the choice of representatives.

Proof

If $\sigma \sim_V \sigma'$, let $\rho \in \mathit{Ren}$ be such that $\sigma'(x) = \rho(\sigma(x))$ for each $x \in V$. Then

$\mathrm{occ}(\sigma', \rho(y)) \cap V = \{z \in V \mid \rho(y) \in \mathrm{vars}(\sigma'(z))\} = \{z \in V \mid y \in \rho^{-1}(\mathrm{vars}(\rho(\sigma(z))))\} = \{z \in V \mid y \in \mathrm{vars}(\sigma(z))\} = \mathrm{occ}(\sigma, y) \cap V$ .

Therefore, $x \in \mathrm{occ}(\sigma, y) \cap V$ iff $x \in \mathrm{occ}(\sigma', \rho(y)) \cap V$, which proves the thesis. $\square$

The abstraction map may be lifted pointwise to $\alpha_{\mathit{Sh}} : \mathit{Psub} \to \mathit{Sharing}$ as follows:

$\alpha_{\mathit{Sh}}(\bot_{\mathit{Ps}}) = \bot_{\mathit{Sh}}$     $\alpha_{\mathit{Sh}}(\top_{\mathit{Ps}}) = \top_{\mathit{Sh}}$
$\alpha_{\mathit{Sh}}([\Theta, U]) = \bigsqcup_{\mathit{Sh},\, [\sigma]_U \in \Theta} \alpha_{\mathit{Sh}}([\sigma]_U)$ (18)

To ease the notation, we will often write a sharing group as the sequence of its elements in any order (e.g., $xyz$ represents $\{x,y,z\}$) and we omit the empty set when clear from the context. For example:

$\alpha_{\mathit{Sh}}([\{[\epsilon]\}, \{x,y,z\}]) = [\{x, y, z\}, \{x,y,z\}]$
$\alpha_{\mathit{Sh}}([\{[x/y, z/a]\}, \{x,y,z\}]) = [\{xy\}, \{x,y,z\}]$
$\alpha_{\mathit{Sh}}([\{[\epsilon], [x/y, z/a]\}, \{x,y,z\}]) = [\{xy, x, y, z\}, \{x,y,z\}]$ .

Since $\alpha_{\mathit{Sh}}$ is additive, there is an induced concretization function $\gamma_{\mathit{Sh}}$, the right adjoint of $\alpha_{\mathit{Sh}}$, which maps each abstract object to the set of substitutions it represents:

$\gamma_{\mathit{Sh}}([S, U]) = [\{[\theta]_U \mid \alpha_{\mathit{Sh}}([\theta]_U) \sqsubseteq_{\mathit{Sh}} [S, U]\}, U]$ . (19)

Note that each abstract object represents the possible relations between variables: a substitution in which all the variables in $U$ are ground is always in $\gamma_{\mathit{Sh}}([S, U])$, independently from $S$.

Proposition 5.2

$(\alpha_{\mathit{Sh}}, \gamma_{\mathit{Sh}}) : \mathit{Psub} \rightleftarrows \mathit{Sharing}$ defines a Galois insertion.

Proof

That $(\alpha_{\mathit{Sh}}, \gamma_{\mathit{Sh}})$ is a Galois connection immediately follows from the fact that they are an adjoint pair. Now, we want to prove that $\alpha_{\mathit{Sh}}$ is onto. Given $[S, V] \in \mathit{Sharing}$ and $X \in S$, consider the substitution $\theta_X$ defined as

$\theta_X(x) = \begin{cases} w & \text{if } x \in X, \\ a & \text{if } x \in V \setminus X, \\ x & \text{otherwise,} \end{cases}$

where $w$ is a fresh variable not in $V$. It is easy to check that $\alpha_{\mathit{Sh}}([\theta_X]_V) = [\{X, \emptyset\}, V]$ and therefore $\alpha_{\mathit{Sh}}([\{[\theta_X]_V \mid X \in S\}, V]) = [S, V]$. Moreover, we have $\alpha_{\mathit{Sh}}(\bot_{\mathit{Ps}}) = \bot_{\mathit{Sh}}$ and $\alpha_{\mathit{Sh}}(\top_{\mathit{Ps}}) = \top_{\mathit{Sh}}$. $\square$


5.1 The Abstract Semantics

The abstract semantics is obtained by replacing, in the definition of the concrete semantics in Section 4.2, the concrete domain $\mathit{Psub}$ with the abstract domain $\mathit{Sharing}$ and the basic operators, namely, least upper bound $\sqcup_{Ps}$, forward unification $\mathcal{U}^f_{Ps}$ and backward unification $\mathcal{U}^b_{Ps}$, with their corresponding abstract counterparts. The abstract least upper bound $\sqcup_{Sh}$ has already been defined in the previous section. We recall that, on the concrete side, we have defined the forward and backward unification operators in Section 4.2 as:

$$\mathcal{U}^f_{Ps}([\Theta, U], A_1, A_2) = \pi_{Ps}(\mathrm{unif}_{Ps}(\rho([\Theta, U]), \mathrm{mgu}(\rho(A_1) = A_2)), \mathrm{vars}(A_2))$$
$$\mathcal{U}^b_{Ps}([\Theta_1, U_1], [\Theta_2, U_2], A_1, A_2) = \pi_{Ps}(\mathrm{match}_{Ps}(\rho([\Theta_1, U_1]), \mathrm{unif}_{Ps}([\Theta_2, U_2], \mathrm{mgu}(\rho(A_1) = A_2))), U_2 \cup \mathrm{vars}(A_2))$$

The abstract forward and backward unification operators are obtained by replacing, in the above definitions, the primitive operators with their abstract counterparts, namely, abstract projection $\pi_{Sh}$, abstract renaming $\rho$, abstract unification $\mathrm{unif}_{Sh}$ and abstract matching $\mathrm{match}_{Sh}$.

The abstract operators behave exactly as the concrete ones on $\top_{Sh}$ and $\bot_{Sh}$. Abstract projection and renaming are defined as:

$$\pi_{Sh}([S_1, U_1], U_2) = [\{B \cap U_2 \mid B \in S_1\}, U_1 \cap U_2] , \qquad (20)$$
$$\rho([S, U]) = [\rho(S), \rho(U)] . \qquad (21)$$

The definition of the abstract versions of matching and unification is the main subject of the rest of this paper. Here we show some properties of completeness for projection and renaming. Since the concrete and abstract operators behave in the same way on top and bottom elements, here and in the following proofs we only consider the case when all the arguments are different from $\top_{Ps}/\top_{Sh}$ and $\bot_{Ps}/\bot_{Sh}$.

Theorem 5.3

$\pi_{Sh}$ is correct and complete w.r.t. $\pi_{Ps}$.

Proof

Given $[\Theta, V] \in \mathit{Psub}$, we prove that $\alpha_{Sh}(\pi_{Ps}([\Theta, V], U)) = \pi_{Sh}(\alpha_{Sh}([\Theta, V]), U)$. We first prove that, for each $[\phi]_V \in \mathit{ISubst}_\sim$, it holds that $\pi_{Sh}(\alpha_{Sh}([\phi]_V), U) = \alpha_{Sh}([\phi]_{V \cap U})$. Actually

$$\alpha_{Sh}([\phi]_{V \cap U}) = [\{\mathrm{occ}(\phi, z) \cap V \cap U \mid z \in \mathcal{V}\}, V \cap U] = \pi_{Sh}([\{\mathrm{occ}(\phi, z) \cap V \mid z \in \mathcal{V}\}, V], U) = \pi_{Sh}(\alpha_{Sh}([\phi]_V), U) .$$

The result for the lifted $\alpha_{Sh}$ follows trivially. □
Theorem 5.4

Abstract renaming is correct, complete and $\gamma$-complete w.r.t. concrete renaming.

Proof

First of all, given $\rho \in \mathit{Ren}$, $y \in \mathcal{V}$ and $\phi \in \mathit{Subst}$, we prove that $\mathrm{occ}(\rho(\phi), \rho(y)) = \rho(\mathrm{occ}(\phi, y))$. Actually:

$$\mathrm{occ}(\rho(\phi), \rho(y)) = \{z \in \mathcal{V} \mid \rho(y) \in \mathrm{vars}(\rho(\phi(\rho^{-1}(z))))\} = \{z \in \mathcal{V} \mid y \in \mathrm{vars}(\phi(\rho^{-1}(z)))\} = \{\rho(k) \mid k \in \mathcal{V},\ y \in \mathrm{vars}(\phi(k))\} \quad [\text{by letting } k = \rho^{-1}(z)] = \rho(\mathrm{occ}(\phi, y)) .$$

Then we prove that, given $[\phi]_V \in \mathit{ISubst}_\sim$ and $\rho \in \mathit{Ren}$, $\alpha_{Sh}(\rho([\phi]_V)) = \rho(\alpha_{Sh}([\phi]_V))$. Using the fact that $\rho$ as an operation over $\mathit{ISubst}_\sim$ is bijective, we have:

$$\alpha_{Sh}(\rho([\phi]_V)) = [\{\mathrm{occ}(\rho(\phi), z) \cap \rho(V) \mid z \in \mathcal{V}\}, \rho(V)] = [\{\rho(\mathrm{occ}(\phi, \rho^{-1}(z))) \cap \rho(V) \mid z \in \mathcal{V}\}, \rho(V)] = \rho([\{\mathrm{occ}(\phi, k) \cap V \mid k \in \mathcal{V}\}, V]) \quad [\text{by letting } z = \rho(k)] = \rho(\alpha_{Sh}([\phi]_V)) .$$

This property, lifted to $\mathit{Psub}$, gives the completeness of abstract renaming. Finally, we need to prove that renaming is $\gamma$-complete, i.e., that $\gamma_{Sh} \circ \rho = \rho \circ \gamma_{Sh}$:

$$\gamma_{Sh}(\rho([S, V])) = \gamma_{Sh}([\rho(S), \rho(V)]) = [\{[\theta]_{\rho(V)} \mid \alpha_{Sh}([\theta]_{\rho(V)}) \sqsubseteq_{Sh} [\rho(S), \rho(V)]\}, \rho(V)] = [\{\rho([\theta]_V) \mid \alpha_{Sh}(\rho([\theta]_V)) \sqsubseteq_{Sh} [\rho(S), \rho(V)]\}, \rho(V)] = [\{\rho([\theta]_V) \mid \rho(\alpha_{Sh}([\theta]_V)) \sqsubseteq_{Sh} [\rho(S), \rho(V)]\}, \rho(V)] = [\{\rho([\theta]_V) \mid \alpha_{Sh}([\theta]_V) \sqsubseteq_{Sh} [S, V]\}, \rho(V)] = \rho(\gamma_{Sh}([S, V])) ,$$

which concludes the proof of the theorem. □

6 Forward Unification

We briefly recall from (Cortesi and Filé 1999; Bagnara et al. 2002) the definition of the standard operator $\mathrm{unif}'_{Sh}$ for abstract unification on $\mathit{Sharing}$. The abstract unification is performed between a set of sharing groups $A$ and a single substitution $\delta$, under the assumption that $\mathrm{vars}(\delta) \subseteq U$, and it is defined as follows:

$$\mathrm{unif}'_{Sh}([A, U], \delta) = [\mathrm{u}_{Sh}(A, \delta), U] \qquad (22)$$

where $\mathrm{u}_{Sh} : \wp(\wp_f(\mathcal{V})) \times \mathit{ISubst} \to \wp(\wp_f(\mathcal{V}))$ is defined by induction as follows:

$$\mathrm{u}_{Sh}(A, \epsilon) = A$$
$$\mathrm{u}_{Sh}(A, \{x/t\} \uplus \theta) = \mathrm{u}_{Sh}\big((A \setminus (\mathrm{rel}(A, \{x\}) \cup \mathrm{rel}(A, \mathrm{vars}(t)))) \cup \mathrm{bin}(\mathrm{rel}(A, \{x\})^*, \mathrm{rel}(A, \mathrm{vars}(t))^*),\ \theta\big) . \qquad (23)$$

The auxiliary operators used in the definition of $\mathrm{u}_{Sh}$ are given by:

• the closure under union (or star union) $(\cdot)^* : \wp(\wp_f(\mathcal{V})) \to \wp(\wp_f(\mathcal{V}))$:

$$A^* = \{\textstyle\bigcup T \mid \emptyset \neq T \in \wp_f(A)\} ; \qquad (24)$$

• the extraction of relevant components $\mathrm{rel} : \wp(\wp_f(\mathcal{V})) \times \wp_f(\mathcal{V}) \to \wp(\wp_f(\mathcal{V}))$:

$$\mathrm{rel}(A, V) = \{T \in A \mid T \cap V \neq \emptyset\} ; \qquad (25)$$

• the binary union $\mathrm{bin} : \wp(\wp_f(\mathcal{V})) \times \wp(\wp_f(\mathcal{V})) \to \wp(\wp_f(\mathcal{V}))$:

$$\mathrm{bin}(A, B) = \{T_1 \cup T_2 \mid T_1 \in A, T_2 \in B\} . \qquad (26)$$

We recall that we will often abuse the notation and write $\mathrm{rel}(A, o)$ for $\mathrm{rel}(A, \mathrm{vars}(o))$ and $x \in o$ for $x \in \mathrm{vars}(o)$, where $o$ is any syntactic object.

Example 6.1

Take $A = \{xy, xz, y\}$, $U = \{w, x, y, z\}$ and $\delta = \{x/t(y, z), w/t(y)\}$. Note that, since $w$ does not appear in $A$, then $w$ is always bound to a ground term in $\gamma_{Sh}([A, U])$. We have $\mathrm{rel}(A, x) = \{xy, xz\}$, $\mathrm{rel}(A, y) = \{xy, y\}$, $\mathrm{rel}(A, z) = \{xz\}$ and therefore

$$\mathrm{u}_{Sh}(A, \{x/t(y, z)\}) = (A \setminus \{xy, xz, y\}) \cup \mathrm{bin}(\{xy, xz\}^*, \{xy, xz, y\}^*) = \mathrm{bin}(\{xy, xz, xyz\}, \{xy, xz, xyz, y\}) = \{xy, xz, xyz\} .$$

If we take $B = \{xy, xz, xyz\}$, we obtain $\mathrm{rel}(B, w) = \emptyset$, $\mathrm{rel}(B, y) = \{xy, xyz\}$ and therefore

$$\mathrm{u}_{Sh}(A, \delta) = \mathrm{u}_{Sh}(B, \{w/t(y)\}) = (B \setminus \{xy, xyz\}) \cup \mathrm{bin}(\emptyset, \{xy, xyz\}^*) = B \setminus \{xy, xyz\} = \{xz\} . \ □$$

It is worth noting that $\mathrm{unif}'_{Sh}$ is not the abstract counterpart of $\mathrm{unif}_{Ps}$, because $\mathrm{unif}'_{Sh}([A, U], \delta)$ is defined only under the condition that $\mathrm{vars}(\delta) \subseteq U$. Since this is not enough to define a goal-dependent semantics, when this solution is adopted there is the need of an operator to expand the set of variables of interest in a substitution. Let us introduce the following concrete operator:

$$\iota_{Ps}([\Theta, U], V) = [\{\mathrm{mgu}([\sigma]_U, [\epsilon]_V) \mid [\sigma]_U \in \Theta\}, U \cup V] , \qquad (27)$$

whose optimal abstract counterpart is simply given by:

$$\iota_{Sh}([S, U], V) = [S \cup \{\{x\} \mid x \in V \setminus U\}, U \cup V] . \qquad (28)$$

By using $\iota_{Ps}$, the operator $\mathrm{unif}_{Ps}$ can be equivalently rewritten as:

$$\mathrm{unif}_{Ps}([\Theta, U], \theta) = \mathrm{unif}_{Ps}(\iota_{Ps}([\Theta, U], \mathrm{vars}(\theta)), \theta) , \qquad (29)$$

and now, in the right hand side, $\iota_{Ps}([\Theta, U], \mathrm{vars}(\theta))$ is an object of the kind $[\Theta', U \cup \mathrm{vars}(\theta)]$, so that the side condition of $\mathrm{unif}'_{Sh}$ is met. Therefore, a correct abstract forward unification operator for $\mathcal{U}^f_{Ps}$ may be obtained as

$$\mathcal{U}'^f_{Sh}([S, U], A_1, A_2) = \pi_{Sh}(\mathrm{unif}'_{Sh}(\iota_{Sh}(\rho([S, U]), \mathrm{vars}(\rho(A_1)) \cup \mathrm{vars}(A_2)), \mathrm{mgu}(\rho(A_1) = A_2)), \mathrm{vars}(A_2)) ,$$

provided that $\rho$ is a renaming such that $\rho(U \cup \mathrm{vars}(A_1)) \cap \mathrm{vars}(A_2) = \emptyset$. However, $\mathcal{U}'^f_{Sh}$ is not optimal w.r.t. $\mathcal{U}^f_{Ps}$.

Footnote: note that, due to the condition $T \neq \emptyset$ in (24), the notation $A^+$ would be more appropriate. However, we retain the notation $A^*$ for historical reasons.

Example 6.2

We keep on Example 4.4 and compute the abstract counterpart of the concrete forward unification

$$\mathcal{U}^f_{Ps}([\{[y/f(x, z)]\}, \{x, y, z\}], p(x, y, z), p(u, v, w)) = [\{[u/x, v/f(x, z), w/z]\}, \{u, v, w\}] .$$

Since the abstraction of $[\{[y/f(x, z)]\}, \{x, y, z\}]$ is $[\{xy, yz\}, \{x, y, z\}]$, we compute:

$$\mathcal{U}'^f_{Sh}([\{xy, yz\}, \{x, y, z\}], p(x, y, z), p(u, v, w)) = \pi_{Sh}([\mathrm{u}_{Sh}(\{xy, yz, u, v, w\}, \{x/u, y/v, z/w\}), \{x, y, z, u, v, w\}], \{u, v, w\}) = \pi_{Sh}([\{xyuv, yzvw, xyzuvw\}, \{x, y, z, u, v, w\}], \{u, v, w\}) = [\{uv, vw, uvw\}, \{u, v, w\}] .$$

There exists a sharing group $uvw$ computed by the forward unification. However, when computing $\mathrm{unif}_{Ps}(\gamma_{Sh}([\{xy, yz\}, \{x, y, z\}]), \{x/u, y/v, z/w\})$ we know that $u$, $v$ and $w$ are free, since they are fresh and hence not bound by any substitution in $\gamma_{Sh}([\{xy, yz\}, \{x, y, z\}])$. Following (Hans and Winkler 1992), we can avoid computing the star unions when considering the binding $y/v$ in $\mathrm{u}_{Sh}$, obtaining the smaller result $[\{xyuv, yzvw\}, \{x, y, z, u, v, w\}]$. If we now compute the projection on the variables $\{u, v, w\}$ we obtain the entry substitution $[\{uv, vw\}, \{u, v, w\}]$, with an obvious gain of precision. □

Example 6.3

Let us consider the following unification.

$$\mathcal{U}'^f_{Sh}([\{xy, xz\}, \{x, y, z\}], p(x, y, z), p(t(u, v), h, k)) = \pi_{Sh}([\mathrm{bin}(\{xyh, xzk, xyzhk\}, \{u, v, uv\}), \{x, y, z, h, k, u, v\}], \{u, v, h, k\}) .$$

Since the term $t(u, v)$ is linear and independent from $x$, following (Hans and Winkler 1992) we can avoid computing the star union over $\{xy, xz\}$, obtaining the abstract object $[\mathrm{bin}(\{xyh, xzk\}, \{u, v, uv\}), \{x, y, z, h, k, u, v\}]$. If we project on $\{h, k, u, v\}$ we obtain $\mathrm{bin}(\{h, k\}, \{u, v, uv\})$ against $\mathrm{bin}(\{h, k, hk\}, \{u, v, uv\})$. In this way, we are able to prove the independence of $h$ from $k$. □

These examples show that, when computing forward abstract unification by first enlarging the set of variables of interest, there is a loss of precision. In fact, such a forward abstract unification operator is not optimal. We now show that it is possible to design an optimal operator for forward unification which is able to exploit the linearity and freeness information that stems from the fact that the variables in the third argument of $\mathcal{U}^f_{Ps}$ are fresh. Note that we are not proposing to embed freeness and linearity information inside the domain, but only to use all the information coming from the syntax of the clauses.

6.1 The Refined Forward Unification

We are going to define an abstract operator $\mathrm{unif}_{Sh}$ which is correct and optimal w.r.t. $\mathrm{unif}_{Ps}$.

Definition 6.4

The abstract unification $\mathrm{unif}_{Sh} : \mathit{Sharing} \times \mathit{ISubst} \to \mathit{Sharing}$ is defined as

$$\mathrm{unif}_{Sh}([S_1, U_1], \theta) = [\mathrm{u}'_{Sh}(S_1 \cup \{\{x\} \mid x \in U_2\}, U_2, \theta), U_1 \cup U_2]$$

where $U_2 = \mathrm{vars}(\theta) \setminus U_1$ and $\mathrm{u}'_{Sh} : \wp(\wp_f(\mathcal{V})) \times \wp_f(\mathcal{V}) \times \mathit{ISubst} \to \wp(\wp_f(\mathcal{V}))$ is defined as:

$$\mathrm{u}'_{Sh}(S, U, \epsilon) = S$$

$$\mathrm{u}'_{Sh}(S, U, \{x/t\} \uplus \delta) = \mathrm{u}'_{Sh}\big((S \setminus (\mathrm{rel}(S, t) \cup \mathrm{rel}(S, x))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, t)),\ U \setminus \{x\},\ \delta\big) \qquad \text{if } x \in U$$

$$\mathrm{u}'_{Sh}(S, U, \{x/t\} \uplus \delta) = \mathrm{u}'_{Sh}\big((S \setminus (\mathrm{rel}(S, t) \cup \mathrm{rel}(S, x))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, Y)^*) \cup \mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*) \cup \mathrm{bin}(\mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*), \mathrm{rel}(S, Y)^*),\ U \setminus \mathrm{vars}(\{x/t\}),\ \delta\big) \qquad \text{if } x \notin U$$

where $Y = \mathrm{uvars}(t) \cap U$ and $Z = \mathrm{vars}(t) \setminus Y$, $\mathrm{uvars}(t)$ being the set of variables which occur exactly once in $t$.

The idea is simply to carry on, in the second argument of $\mathrm{u}'_{Sh}$, the set of variables which are definitely free and to apply the optimizations for the abstract unification with linear terms and free variables (Hans and Winkler 1992). Actually, while the case for $x \in U$ is standard, the case for $x \notin U$ exploits some optimizations which are not found in the literature. When $Z = \emptyset$, we obtain:

$$(S \setminus (\mathrm{rel}(S, t) \cup \mathrm{rel}(S, x))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, Y)^*) ,$$

which is the standard result when the term $t$ is linear and independent from $x$. However, when $Z \neq \emptyset$, the standard optimizations which appear, e.g., in (Hans and Winkler 1992) do not apply, since $t$ cannot be proved to be linear and independent from $x$, and we would obtain the following standard result:

$$(S \setminus (\mathrm{rel}(S, t) \cup \mathrm{rel}(S, x))) \cup \mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, t)^*) .$$

We are able to avoid some star unions by distinguishing the variables in $t$ which are "linear and independent" (the set $Y$) from the others (the set $Z$), and observing that two sharing groups in $\mathrm{rel}(S, x)$ may be merged together only under the effect of the unification with some variable in $Z$. We will come back later to this topic.
We can now define the forward abstract unification $\mathcal{U}^f_{Sh} : \mathit{Sharing} \times \wp_f(\mathcal{V}) \times \mathit{Atoms} \times \mathit{Atoms} \to \mathit{Sharing}$. We only need to introduce the necessary renamings and projections, as done for the concrete case:

$$\mathcal{U}^f_{Sh}([S_1, U_1], A_1, A_2) = \pi_{Sh}(\mathrm{unif}_{Sh}(\rho([S_1, U_1]), \mathrm{mgu}(\rho(A_1) = A_2)), \mathrm{vars}(A_2)) \qquad (31)$$

with $\rho$ a renaming such that $\rho(U_1 \cup \mathrm{vars}(A_1)) \cap \mathrm{vars}(A_2) = \emptyset$.

Example 6.5

We keep on Examples 4.4 and 6.2 and compute the abstract counterpart of the concrete forward unification

$$\mathcal{U}^f_{Ps}([\{[y/f(x, z)]\}, \{x, y, z\}], p(x, y, z), p(u, v, w)) = [\{[u/x, v/f(x, z), w/z]\}, \{u, v, w\}]$$

using our optimized forward unification operator.

$$\mathcal{U}^f_{Sh}([\{xy, yz\}, \{x, y, z\}], p(x, y, z), p(u, v, w)) = \pi_{Sh}(\mathrm{unif}_{Sh}([\{xy, yz\}, \{x, y, z\}], \{x/u, y/v, z/w\}), \{u, v, w\}) = \pi_{Sh}([\{uvxy, vwyz\}, \{u, v, w, x, y, z\}], \{u, v, w\}) = [\{uv, vw\}, \{u, v, w\}] .$$

Thus the optimized operator is able to prove that $u$ and $w$ are independent after the unification. □
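To see exactly where the standard operator $\mathrm{u}_{Sh}$ of (23) and the refined $\mathrm{u}'_{Sh}$ of Definition 6.4 differ, here is an added Python implementation of both, our own code and not the paper's, together with $\mathrm{rel}$, $\mathrm{bin}$, the star union of (24)-(26) and the enlargement of (28) that the standard operator needs. Run on the data of Examples 6.1, 6.2 and 6.5 it yields the results reported there, and on the unification of Example 6.19 it shows that only the standard operator produces the spurious group $stk$. Terms are nested tuples with a string for a variable, a substitution is a list of bindings, and `u_sh`, `u_sh_refined`, `unif_sh` and `proj` are our names.

```python
"""Standard (u_Sh) and refined (u'_Sh) abstract unification on Sharing.

Added worked example, not code from the paper. Encoding: a variable is a
string, a compound term is a tuple ('f', arg_1, ..., arg_n). A substitution is
a list of (x, t) bindings. A sharing group is a frozenset of (single-letter)
variable names and a sharing set is a set of such groups. rel, bin and the
star union are equations (24)-(26) of the paper.
"""
from collections import Counter


def g(s):
    """Sharing group written as the string of its variables, e.g. g('xy')."""
    return frozenset(s)


def term_occurrences(t, acc=None):
    """Counter of how many times each variable occurs in t: its keys are
    vars(t), the keys with count 1 are uvars(t)."""
    acc = Counter() if acc is None else acc
    if isinstance(t, str):
        acc[t] += 1
    else:
        for a in t[1:]:
            term_occurrences(a, acc)
    return acc


def rel(S, V):
    """rel(S, V): the sharing groups of S meeting the variable set V."""
    return {B for B in S if B & V}


def bin_(A, B):
    """bin(A, B): pairwise unions of a group of A with a group of B."""
    return {a | b for a in A for b in B}


def star(A):
    """A*: closure of A under union of non-empty sub-families (empty A stays empty)."""
    closed, frontier = set(A), set(A)
    while frontier:
        frontier = {a | b for a in frontier for b in closed} - closed
        closed |= frontier
    return closed


def u_sh(S, theta):
    """Standard u_Sh (equation (23)): star unions on both sides of every binding."""
    S = set(S)
    for x, t in theta:
        rx, rt = rel(S, {x}), rel(S, frozenset(term_occurrences(t)))
        S = (S - rx - rt) | bin_(star(rx), star(rt))
    return S


def u_sh_refined(S, U, theta):
    """Refined u'_Sh (Definition 6.4). U is the set of variables known to be
    free and independent; it shrinks as the bindings are processed."""
    S, U = set(S), set(U)
    for x, t in theta:
        counts = term_occurrences(t)
        V = frozenset(counts)
        rx, rt = rel(S, {x}), rel(S, V)
        rest = S - rx - rt
        if x in U:
            # x free and independent: no star union at all (Proposition 6.8)
            S = rest | bin_(rx, rt)
            U.discard(x)
        else:
            Y = {v for v, n in counts.items() if n == 1 and v in U}  # linear, free
            Z = V - Y
            rY, rZ = star(rel(S, Y)), star(rel(S, Z))
            xZ = bin_(star(rx), rZ)
            S = rest | bin_(rx, rY) | xZ | bin_(xZ, rY)
            U -= V | {x}
    return S


def unif_sh(S1, U1, theta, refined=True):
    """unif_Sh([S1, U1], theta) of Definition 6.4, or, with refined=False, the
    standard unif'_Sh applied after the enlargement of (28): the variables of
    theta outside U1 are fresh and start as singleton groups."""
    U2 = set().union(*({x} | set(term_occurrences(t)) for x, t in theta)) - set(U1)
    S = set(S1) | {frozenset({v}) for v in U2}
    S = u_sh_refined(S, U2, theta) if refined else u_sh(S, theta)
    return S, set(U1) | U2


def proj(S, U2):
    """pi_Sh restricted to the sharing set: every group is intersected with U2."""
    return {B & U2 for B in S} - {frozenset()}
```

The refined operator is order-independent (Corollary 6.17), so the bindings of the most general unifier may be fed in any order; the standard operator with the linearity shortcuts of Hans and Winkler is not, as Example 6.19 shows.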


6.2 Correctness of Forward Unification

We prove that the unification operator $\mathrm{unif}_{Sh}$ is correct w.r.t. the concrete operator $\mathrm{unif}_{Ps}$. We begin by analyzing the abstract behavior of unification when the second argument is a substitution with only one binding. Let $\sigma$ and $\{x/t\}$ be the two substitutions we want to unify. In this simple case, the resultant sharing groups can be easily computed by exploiting the substitution $\delta = \mathrm{mgu}(x\sigma = t\sigma)$. We show that, under suitable conditions, any sharing group either belongs to $\alpha_{Sh}([\sigma]_U)$ or is of the form $\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U$, where $v \in \mathrm{vars}(x\sigma = t\sigma)$.

Proposition 6.6

Let $[\sigma]_U \in \mathit{ISubst}_\sim$ and $\{x/t\} \in \mathit{ISubst}$ such that $\mathrm{vars}(\{x/t\}) \subseteq U$ and $\sigma$ and $\{x/t\}$ unify. If $\alpha_{Sh}([\sigma]_U) \sqsubseteq_{Sh} [S, U]$ and $\delta = \mathrm{mgu}(x\sigma = t\sigma)$, we obtain:

$$\alpha_{Sh}(\mathrm{mgu}([\sigma]_U, [x/t]_U)) \sqsubseteq_{Sh} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\}, U] .$$

Proof

The proof can be found in the Appendix as Prop. B.3. □

This result may be refined by introducing further hypotheses. We have anticipated that our abstract algorithm takes advantage of the fact that some variables are known to be free in order to produce better results than standard abstract unification. We may be more formal.

Definition 6.7

We say that a variable $x \in V$ is free in $[\theta]_V$ when $\theta(x) \in \mathcal{V}$.

Note that this definition does not depend on the choice of the representative for $[\theta]_V$. Moreover, if $x$ is free and independent from $V$ in $[\theta]_V$, there exists a representative $\theta' \sim \theta$ such that $x \notin \mathrm{vars}(\theta')$; it can be obtained from a canonical representative $\theta''$.

Now, we consider again Prop. 6.6 but we assume $x$ to be free and independent from $U$ in $[\sigma]_U$. A result similar to the following proposition has already been proved in the literature, e.g., (Hans and Winkler 1992). Since our treatment of substitutions is slightly different from the standard one, for the sake of completeness we present the altered proof.

Proposition 6.8

Let $[\sigma]_U \in \mathit{ISubst}_\sim$ and $\{x/t\} \in \mathit{ISubst}$ such that $\mathrm{vars}(\{x/t\}) \subseteq U$ and $\sigma$ and $\{x/t\}$ unify. If $\alpha_{Sh}([\sigma]_U) \sqsubseteq_{Sh} [S, U]$ and $x$ is free and independent from $U$ in $[\sigma]_U$, then:

$$\alpha_{Sh}(\mathrm{mgu}([\sigma]_U, [x/t]_U)) \sqsubseteq_{Sh} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, t)), U] .$$

Proof

The proof can be found in the Appendix as Prop. B.4. □

Now we analyze the case when $x$ is not guaranteed to be free and independent from $U$ in $[\sigma]_U$. We show that it is possible to consider three distinct cases depending on the set of variables $Y = \{y \in \mathrm{vars}(t) \mid \mathrm{vars}(\sigma(y)) \subseteq \mathrm{uvars}(x\sigma = t\sigma)\}$, that is, the set of variables $y$ such that all the variables in $\mathrm{vars}(\sigma(y))$ appear exactly once in $x\sigma = t\sigma$. Such variables play a special role in the unification process. Generally speaking, we can form new sharing groups by merging sets from $\mathrm{rel}(S, x)$ and $\mathrm{rel}(S, t)$. Obviously, any new sharing group must be formed by choosing at least one element from $\mathrm{rel}(S, x)$ and at least one from $\mathrm{rel}(S, t)$. We show that, if we do not include any variable from $\mathrm{vars}(t) \setminus Y$, then we may avoid including more than one sharing group from $\mathrm{rel}(S, x)$. Intuitively speaking, variables from $Y$ do not allow merging different sharing groups from $\mathrm{rel}(S, x)$, since such variables appear only once and thus cannot be bound to different occurrences of $x$.

Example 6.9

Let $\sigma = \{x/f(u, v)\}$, $U = \{u, v, x, y, z\}$ and consider the binding $x/f(f(y, z), z)$. We have that $Y = \{y\}$, $\alpha_{Sh}([\sigma]_U) = [S, U] = [\{ux, vx, y, z\}, U]$, $\mathrm{rel}(S, x) = \{ux, vx\}$ and $\mathrm{rel}(S, t) = \{y, z\}$. In the standard definition of abstract unification, $uvxy$ would be one of the possible resultant sharing groups. However, since $uvxy$ is obtained by joining two sharing groups in $\mathrm{rel}(S, x)$ and it does not contain any variable in $\mathrm{vars}(t) \setminus Y$, it cannot be generated. In fact, the result of the unification is $\eta = \{x/f(f(y, z), z), u/f(y, z), v/z\}$ and $\alpha_{Sh}([\eta]_U) = [\{uxy, uvxz\}, U]$. The variables $u$ and $v$ occur in the same sharing group thanks to the two occurrences of $z$. □
Proposition 6.10

Let $[\sigma]_U \in \mathit{ISubst}_\sim$ and $\{x/t\} \in \mathit{ISubst}$ such that $\mathrm{vars}(\{x/t\}) \subseteq U$ and $\sigma$ and $\{x/t\}$ unify. Given $Y \subseteq \mathrm{vars}(t)$ such that, for all $y \in Y$, $\mathrm{vars}(\sigma(y)) \subseteq \mathrm{uvars}(x\sigma = t\sigma)$, if $\alpha_{Sh}([\sigma]_U) \sqsubseteq_{Sh} [S, U]$ then

$$\alpha_{Sh}(\mathrm{mgu}([\sigma]_U, [x/t]_U)) \sqsubseteq_{Sh} [(S \setminus (\mathrm{rel}(S, t) \cup \mathrm{rel}(S, x))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, Y)^*) \cup \mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*) \cup \mathrm{bin}(\mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*), \mathrm{rel}(S, Y)^*), U] ,$$

where $Z = \mathrm{vars}(t) \setminus Y$.

Proof

The proof can be found in the Appendix as Prop. B.6. □

Now, by combining the results from Propositions 6.8 and 6.10, we can show the correctness of $\mathrm{unif}_{Sh}$.

Theorem 6.11

(Correctness of $\mathrm{unif}_{Sh}$) The unification operator $\mathrm{unif}_{Sh}$ is correct w.r.t. $\mathrm{unif}_{Ps}$.

Proof

The proof can be found in the Appendix as Theorem B.8. □


6.3 Optimality of Forward Unification

In this section we prove that the abstract unification operator $\mathrm{unif}_{Sh}$ is optimal w.r.t. the concrete operator $\mathrm{unif}_{Ps}$, that is to say that, given $[S_1, U_1] \in \mathit{Sharing}$ and $\theta \in \mathit{ISubst}$, it holds:

$$\alpha_{Sh}(\mathrm{unif}_{Ps}(\gamma_{Sh}([S_1, U_1]), \theta)) \sqsupseteq_{Sh} \mathrm{unif}_{Sh}([S_1, U_1], \theta) .$$

Let $\mathrm{unif}_{Sh}([S_1, U_1], \theta) = [S, U]$ where $U = U_1 \cup \mathrm{vars}(\theta)$. In the rest of this section, we assume fixed $S, S_1, U, U_1, \theta$ as defined above.

For each $X \in S$, we need to exhibit a substitution $\delta$ such that $\alpha_{Sh}([\delta]_{U_1}) \sqsubseteq_{Sh} [S_1, U_1]$ and $\alpha_{Sh}(\mathrm{mgu}([\delta]_{U_1}, [\theta]_U)) \sqsupseteq_{Sh} [\{X\}, U]$. Any resultant sharing group is obtained by merging together sharing groups from $S_1$ and variables in $\mathrm{vars}(\theta) \setminus U_1$. We show that two sharing groups $B_1$ and $B_2$ may be joined by the abstract unification algorithm only if there are two variables $x_1 \in B_1$, $x_2 \in B_2$ such that $\theta(x_1)$ and $\theta(x_2)$ share some variable. Actually, we need to be careful when $x_1 = x_2$, since we need a variable which occurs at least twice in $\theta(x_1)$. More formally, given $X \in \wp_f(\mathcal{V})$ and $\theta \in \mathit{ISubst}$, we define a relation $\mathcal{R}_{\theta,X} \subseteq S_1 \times S_1$ as follows:

$$B_1\, \mathcal{R}_{\theta,X}\, B_2 \iff \exists x_1 \in B_1\ \exists x_2 \in B_2\ \exists y.\ (y \in \mathrm{vars}(\theta(x_1)) \cap \mathrm{vars}(\theta(x_2)) \cap X) \wedge (x_1 = x_2 \Rightarrow y \notin \mathrm{uvars}(\theta(x_1))) . \qquad (32)$$

We say that $X$ is $\theta$-connected when there exist $B_1, \ldots, B_n \in S_1$ such that $B_1 \cup \cdots \cup B_n = X \cap U_1$ and $B_1\, \bar{\mathcal{R}}_{\theta,X}\, B_2\, \bar{\mathcal{R}}_{\theta,X} \cdots \bar{\mathcal{R}}_{\theta,X}\, B_n$, where $\bar{\mathcal{R}}_{\theta,X}$ is the transitive closure of $\mathcal{R}_{\theta,X}$.
Lemma 6.12

For each $X \in S$, $X$ is $\theta$-connected.

Proof

The proof can be found in the Appendix as Lemma C.4. □

Now we will exploit the relation $\mathcal{R}_{\theta,X}$ in order to find a substitution $\delta$ such that the concrete unification of $\theta$ with $\delta$ mimics the behavior of the abstract unification of $\theta$ with $[S_1, U_1]$. We define a $\delta$ which has exactly the sharing groups $B_1, \ldots, B_n$ and which is obtained by instantiating $\theta$. The idea is that if $B_1\, \mathcal{R}_{\theta,X}\, B_2$ due to $x_1 \in B_1$, $x_2 \in B_2$ and the common variable $y \in \mathrm{vars}(\theta(x_1)) \cap \mathrm{vars}(\theta(x_2))$, then the occurrences of $y$ in $\theta(x_1)$ and $\theta(x_2)$ are replaced by two suitable terms which unify and merge together the two sharing groups $B_1$ and $B_2$.

Example 6.13

Let $\theta = \{x/f(u), y/g(u)\}$ and $[S_1, U_1] = [\{xw, yz\}, \{w, x, y, z\}]$. Consider $B_1 = xw$ and $B_2 = yz$. We choose the variables $x \in B_1$ and $y \in B_2$. Since $u \in \mathrm{vars}(\theta(x)) \cap \mathrm{vars}(\theta(y))$, we can choose the substitution $\delta = \{x/f(w_1), y/g(w_2), w/w_1, z/w_2\}$, obtained from $\theta$ by replacing each occurrence of $u, w, z$ with suitable new terms. It is easy to verify that $\theta$ and $\delta$ unify and that $\alpha_{Sh}(\mathrm{mgu}([\delta]_{\{w,x,y,z\}}, [\theta]_{\{u,w,x,y,z\}})) \sqsupseteq_{Sh} [\{uwxyz\}, \{u, w, x, y, z\}]$. □

Example 6.14

Let $\theta = \{x/f(u, u)\}$ and $[S_1, U_1] = [\{xw, xy, xz\}, \{w, x, y, z\}]$. Consider $B_1 = xw$, $B_2 = xy$ and $B_3 = xz$. We choose the variable $x \in B_1 \cap B_2 \cap B_3$. Then $u \notin \mathrm{uvars}(\theta(x))$, and we can choose as $\delta$ the substitution

$$\{x/f(t(w_1, w_1), t(w_2, w_3)), w/w_1, y/w_2, z/w_3\} ,$$

obtained from $\theta$ by replacing each occurrence of $u, w, y, z$ with suitable new terms. It is easy to see that $\theta$ and $\delta$ unify and that $\alpha_{Sh}(\mathrm{mgu}([\delta]_{\{w,x,y,z\}}, [\theta]_{\{u,w,x,y,z\}})) \sqsupseteq_{Sh} [\{uwxyz\}, \{u, w, x, y, z\}]$. □

Following this idea we can now prove that $\mathrm{unif}_{Sh}$ is optimal.

Proposition 6.15

For all $X \in S$ there exists $[\delta]_{U_1} \in \mathit{ISubst}_\sim$ such that $\alpha_{Sh}([\delta]_{U_1}) \sqsubseteq_{Sh} [S_1, U_1]$ and $\alpha_{Sh}(\mathrm{mgu}([\delta]_{U_1}, [\theta]_U)) \sqsupseteq_{Sh} [\{X\}, U]$.

Proof

The proof can be found in the Appendix as Prop. C.6. □

The optimality result for $\mathrm{unif}_{Sh}$ w.r.t. $\mathrm{unif}_{Ps}$ immediately follows from the above proposition.

Theorem 6.16

(Optimality of $\mathrm{unif}_{Sh}$) $\mathrm{unif}_{Sh}$ is optimal w.r.t. $\mathrm{unif}_{Ps}$.

Optimality of $\mathrm{unif}_{Sh}$ also implies the following corollary, since the concrete operator does not depend on how the bindings of its second argument are ordered and the best correct approximation of it is unique:

Corollary 6.17

The result of $\mathrm{unif}_{Sh}$ does not depend on the order of the bindings in its second argument.


6.4 Summing Up

We may put together all the results of correctness, optimality and completeness shown so far to prove the main theorem of this section.

Theorem 6.18

$\mathcal{U}^f_{Sh}$ is well defined, correct and optimal w.r.t. $\mathcal{U}^f_{Ps}$.

Proof

The proof can be found in the Appendix as Theorem C.7. □

Generally speaking, in order to obtain optimality, it is always a better choice to abstract a concrete operator "as a whole", instead of abstracting each component and then composing the abstract operators. According to this rule, we could think that a better approximation may be reached by abstracting $\mathcal{U}^f_{Ps}$ as a whole. However, since abstract projection and renaming are complete and $\gamma$-complete, this does not happen, as shown by the previous theorem. Studying the direct abstraction of this composition would still be useful to find a direct implementation which is more efficient than computing $\mathrm{unif}_{Sh}$ and projecting later, but we do not consider this problem here.

Since $\mathcal{U}^f_{Sh}$ generates fewer sharing groups than $\mathcal{U}'^f_{Sh}$ and since checking whether a variable is in $U$ is easy, we can expect an improvement in the efficiency of the analysis by replacing $\mathcal{U}'^f_{Sh}$ with $\mathcal{U}^f_{Sh}$ in the computation of the entry substitution. If computing $Y$ and $Z$ at each step of $\mathrm{u}'_{Sh}$ seems difficult, it is always possible to precompute these values before the actual analysis begins, since they depend on the syntax of the program only. Moreover, in the definition of $\mathrm{u}'_{Sh}$, when $x \in U$ we know that $\mathrm{rel}(S, x) = \{\{x\}\}$, since $\theta$ is an idempotent substitution and $x \notin U_1$.

A further optimization is obtained by replacing $\mathrm{rel}(S, Y)$ with the set of all the sharing groups whose variables are all contained in $Y$. Clearly, this is a subset of $\mathrm{rel}(S, Y)$ and it is immediate to check that the result of $\mathrm{u}'_{Sh}$ does not change. In fact, all the sharing groups in $\mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, Y)^*)$ which are not generated anymore may be found in $\mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*)$.

We said before that this operator introduces new optimizations which, to the best 
of our knowledge, are not used even in more complex domains for sharing analysis 
which include linearity and freeness information. We give here one example which 
shows their effects. 

Example 6.19

Let us consider the following unification.

$$\mathcal{U}^f_{Sh}([\{xw, xz, yw, yz\}, \{x, y, w, z\}], p(x, y, w, z), p(f(u, h), f(u, k), s, t)) .$$

By applying the optimizations suggested by the unification algorithm in presence of linearity and freeness information in (Hans and Winkler 1992), we may start from the abstract object $S = \{xw, xz, yw, yz, u, h, k, s, t\}$ and process the bindings one at a time, keeping in mind that $u, h, k, s, t$ are initially free. This means that in the binding $x/f(u, h)$, the term $f(u, h)$ is linear, and therefore we can avoid computing the star union of $\mathrm{rel}(S, x)$, thus obtaining:

$$\{k, s, t, yw, yz\} \cup \mathrm{bin}(\{xw, xz\}, \{u, h, uh\}) = \{k, s, t, yw, yz, xwu, xwh, xzu, xzh, xwuh, xzuh\} .$$

However, after this unification, the variable $u$ can be bound to a non-linear term. Therefore, when we consider the next binding $y/f(u, k)$, according to (Hans and Winkler 1992), we are forced to compute all the star unions, obtaining

$$\{s, t\} \cup \mathrm{bin}(\{yw, yz\}^*, (\{k\} \cup \mathrm{bin}(\{xw, xz\}, \{u, uh\}))^*) \cup \{xwh, xzh\} .$$

Finally, in the bindings $w/s$ and $z/t$ we may omit all the star unions since $t$ and $s$ are free, and we get the final result

$$\mathrm{bin}(\{yws, yzt\}^*, (\{k\} \cup \mathrm{bin}(\{xws, xzt\}, \{u, uh\}))^*) \cup \{xwsh, xzth\} .$$

Observe that we obtain the sharing group $ywsztk$, and thus, after projecting on $\{u, h, k, s, t\}$, we obtain the sharing group $stk$. However, when we consider the second binding, we know that $k$ is free and independent from $y$, and this is enough to apply a new optimization. In fact, $k$ can share with more than one sharing group related to $y$ only if $k$ shares with $u$. If we compute the abstract unification with our algorithm, we obtain

$$\{ywsk, yztk\} \cup \mathrm{bin}(\{yws, yzt\}^*, \mathrm{bin}(\{xws, xzt\}, \{u, uh\})^*) \cup \mathrm{bin}(\mathrm{bin}(\{yws, yzt\}^*, \mathrm{bin}(\{xws, xzt\}, \{u, uh\})^*), \{k\}) \cup \{xwsh, xzth\}$$

and when we project on $\{u, h, k, s, t\}$, the sharing group $stk$ does not appear. In fact, note that any sharing group generated by

$$\mathrm{bin}(\mathrm{bin}(\{yws, yzt\}^*, \mathrm{bin}(\{xws, xzt\}, \{u, uh\})^*), \{k\})$$

contains the variable $u$. The result does not change by permuting the order of the bindings. If we consider the binding $y/f(u, k)$ before $x/f(u, h)$, with the standard operators we get:

$$\mathrm{bin}(\{xws, xzt\}^*, (\{h\} \cup \mathrm{bin}(\{yws, yzt\}, \{u, uk\}))^*) \cup \{ywsk, yztk\}$$

and, when we project on $\{u, h, k, s, t\}$, we obtain the sharing group $sth$, which does not appear in our result. □


7 Matching and Backward Unification

To the best of our knowledge, in all the collecting denotational semantics for logic programs, backward unification is performed by using unification instead of matching. This means that, instead of $\mathcal{U}^b_{Ps}$, the concrete semantics uses a backward unification operator which unifies two concrete objects in $\mathit{Psub}$ with a substitution:

$$\mathcal{U}'^b_{Ps}([\Theta_1, U_1], [\Theta_2, U_2], A_1, A_2) = \pi_{Ps}(\mathrm{unif}_{Ps}(\rho([\Theta_1, U_1]), [\Theta_2, U_2], \mathrm{mgu}(\rho(A_1) = A_2)), U_2 \cup \mathrm{vars}(A_2)) , \qquad (33)$$

where $\rho$ is a renaming such that $\rho(U_1 \cup \mathrm{vars}(A_1)) \cap (U_2 \cup \mathrm{vars}(A_2)) = \emptyset$ and

$$\mathrm{unif}_{Ps}([\Theta_1, U_1], [\Theta_2, U_2], \delta) = [\{\mathrm{mgu}([\theta_1]_{U_1}, [\theta_2]_{U_2}, [\delta]_{\mathrm{vars}(\delta)}) \mid [\theta_1]_{U_1} \in \Theta_1, [\theta_2]_{U_2} \in \Theta_2\}, U_1 \cup U_2 \cup \mathrm{vars}(\delta)] \qquad (34)$$

is simply the pointwise extension of $\mathrm{mgu}$ over $\mathit{Psub}$. It is worth observing that $\mathrm{unif}_{Ps}(\rho([\Theta_1, U_1]), [\Theta_2, U_2], \delta)$ is a very specific kind of unification, since $\rho(U_1)$ and $U_2$ are disjoint. The optimal abstract operator $\mathcal{U}'^b_{Sh}$ w.r.t. $\mathcal{U}'^b_{Ps}$ is very similar to that proposed in (Cortesi and Filé 1999) (see Section 8.2 for further details), and it is given by:

$$\mathcal{U}'^b_{Sh}([S_1, U_1], [S_2, U_2], A_1, A_2) = \pi_{Sh}(\mathrm{unif}_{Sh}([\rho(S_1) \cup S_2, \rho(U_1) \cup U_2], \mathrm{mgu}(\rho(A_1) = A_2)), U_2 \cup \mathrm{vars}(A_2)) . \qquad (35)$$

As said before, this choice results in a loss of precision already at the concrete level, which leads to a loss of precision in the abstract counterpart. When we compute $\mathcal{U}'^b_{Ps}([\Theta_1, U_1], [\Theta_2, U_2], A_1, A_2)$, we essentially unify all pairs $\theta_1$ and $\theta_2$, elements of $\Theta_1$ and $\Theta_2$, with $\delta = \mathrm{mgu}(A_1 = A_2)$ (assuming we do not need renamings). However, it would be possible to consider only the pairs in which $\theta_1$ is an instance of $\mathrm{mgu}(\theta_2, \delta)$ w.r.t. the variables of interest in $U_1 \cap U_2$. If this does not hold, then $\theta_1$ cannot be a success substitution corresponding to the call substitution $\theta_2$, and therefore we are unifying two objects which pertain to different computational paths, with an obvious loss of precision, already at the concrete level. This problem has been pointed out by Marriott et al. (1994, Section 5.5).

We now want to define the optimal abstract operator $\mathcal{U}^b_{Sh}$ corresponding to $\mathcal{U}^b_{Ps}$. This is accomplished by composing the forward unification operator $\mathrm{unif}_{Sh}$ with a new operator $\mathrm{match}_{Sh}$, which is the abstract counterpart of $\mathrm{match}_{Ps}$.


Definition 7.1

Given $[S_1, U_1], [S_2, U_2] \in \mathit{Sharing}$, we define

$$\mathrm{match}_{Sh}([S_1, U_1], [S_2, U_2]) = [S_1' \cup S_2' \cup \{X_1 \cup X_2 \mid X_1 \in S_1'', X_2 \in (S_2'')^*, X_1 \cap U_2 = X_2 \cap U_1\}, U_1 \cup U_2]$$

where $S_1' = \{B \in S_1 \mid B \cap U_2 = \emptyset\}$, $S_1'' = S_1 \setminus S_1'$, $S_2' = \{B \in S_2 \mid B \cap U_1 = \emptyset\}$ and $S_2'' = S_2 \setminus S_2'$.

The idea is that we may freely combine those sharing groups in $S_2$ that have some variable in common with $U_1$, i.e., $X_2 \in (S_2'')^*$, if the projection of the result on $U_1$ is equal to some sharing group in $S_1$, when projected on $U_2$. This means that new aliasings between variables may arise in the concrete counterpart of $S_2$ (the entry substitution), as long as they do not affect the variables of the exit substitution.
Definition 7.2

The abstract backward unification may be defined as

$$\mathcal{U}^b_{Sh}([S_1, U_1], [S_2, U_2], A_1, A_2) = \pi_{Sh}(\mathrm{match}_{Sh}(\rho([S_1, U_1]), \mathrm{unif}_{Sh}([S_2, U_2], \mathrm{mgu}(\rho(A_1) = A_2))), U_2 \cup \mathrm{vars}(A_2)) , \qquad (36)$$

where $\rho$ is a renaming such that $\rho(U_1 \cup \mathrm{vars}(A_1)) \cap (U_2 \cup \mathrm{vars}(A_2)) = \emptyset$.

Example 7.3

Let $U_1 = \{u, v, w\}$, $U_2 = \{x, y, z\}$, $\Theta_1 = \{[\{v/t(u, w, w)\}]_{U_1}, [\{v/t(u, u, w)\}]_{U_1}\}$, $\Theta_2 = \{[\{y/t(x, z, z)\}]_{U_2}, [\{y/t(x, x, z)\}]_{U_2}\}$ and $\rho = \mathit{id}$. We have

$$\mathcal{U}'^b_{Ps}([\Theta_1, U_1], [\Theta_2, U_2], p(u, v, w), p(x, y, z)) = \pi_{Ps}([\Theta, U_1 \cup U_2], U_2) ,$$

with $[\theta]_{U_1 \cup U_2} = [\{y/t(x, x, x), z/x, u/x, v/t(x, x, x), w/x\}]_{U_1 \cup U_2} \in \Theta$. Let $[S_1, U_1] = \alpha_{Sh}([\Theta_1, U_1])$ and $[S_2, U_2] = \alpha_{Sh}([\Theta_2, U_2])$, so that $S_1 = \{uv, vw\}$ and $S_2 = \{xy, yz\}$. We obtain

$$\mathcal{U}'^b_{Sh}([S_1, U_1], [S_2, U_2], p(u, v, w), p(x, y, z)) = \pi_{Sh}([S, U_1 \cup U_2], U_2) ,$$

and $xyzuvw \in S$. So, it seems that $u$, $v$ and $w$ may share a common variable. Note that $\theta$ is obtained by unifying $\sigma_2 = \{y/t(x, z, z)\}$ with $\sigma_1 = \{v/t(u, u, w)\}$, but $\sigma_1(v) = t(u, u, w)$ is not an instance of $\mathrm{mgu}(\sigma_2, \mathrm{mgu}(p(x, y, z) = p(u, v, w)))(v) = t(x, z, z)$. Therefore, $\sigma_1$ and $\sigma_2$ pertain to different computational paths. Using the backward unification with matching, we obtain

$$\mathcal{U}^b_{Ps}([\Theta_1, U_1], [\Theta_2, U_2], p(u, v, w), p(x, y, z)) = \pi_{Ps}([\{[y/t(x, z, z), u/x, v/t(x, z, z), w/z], [y/t(x, x, z), u/x, v/t(x, x, z), w/z]\}, \{x, y, z, u, v, w\}], U_2) ,$$

which does not contain $\theta$. In the abstract domain, we have:

$$\mathcal{U}^b_{Sh}([S_1, U_1], [S_2, U_2], p(u, v, w), p(x, y, z)) = \pi_{Sh}([\{xyuv, yzvw\}, U_1 \cup U_2], U_2) .$$

After the unification we know that $x$ and $z$ are independent. Note that the abstract matching operators defined in (King and Longley 1995; Hans and Winkler 1992) cannot establish this property. The algorithm in (Muthukumar and Hermenegildo 1992) computes the same result as ours in this particular example, but since their matching is partially performed by first projecting the sharing information on the term positions of the calling atom and of the clause head, this does not hold in general. For example, their algorithm states that $x$ and $z$ may possibly share when the unification is performed between the calling atom $p(t(x, y, z))$ and the head $p(t(u, v, w))$, where $t$ is a function symbol, $p$ a unary predicate and the call substitution is the same as before. □
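The matching operator of Definition 7.1 and the backward step of Definition 7.2 are reproduced below on the data of Example 7.3; this is an added Python example, our own code and not the paper's. The entry object $[\{uvxy, vwyz\}, U_1 \cup U_2]$ computed by $\mathrm{unif}_{Sh}$ in the example is taken as constructed input, so the snippet only needs the star union of (24). `match_sh`, `rejected_pairs`, `backward_sh` and `independent` are our names; `rejected_pairs` lists the exit/entry combinations that the condition $X_1 \cap U_2 = X_2 \cap U_1$ discards, i.e. exactly the combinations of substitutions from different computational paths that plain unification would merge.

```python
"""Abstract matching match_Sh (Definition 7.1) and the backward unification of
Definition 7.2, on the data of Example 7.3.

Added worked example, not code from the paper. A sharing group is a frozenset
of single-letter variable names. The entry object [{uvxy, vwyz}, U1 ∪ U2]
produced by unif_Sh in the example is used here as constructed input.
"""


def g(s):
    """Sharing group written as the string of its variables, e.g. g('uv')."""
    return frozenset(s)


def star(A):
    """A*: closure of A under union of non-empty sub-families (equation (24))."""
    closed, frontier = set(A), set(A)
    while frontier:
        frontier = {a | b for a in frontier for b in closed} - closed
        closed |= frontier
    return closed


def split(S, U_other):
    """Partition S into the groups disjoint from U_other (S') and the rest (S'')."""
    passed = {B for B in S if not B & U_other}
    return passed, set(S) - passed


def match_sh(S1, U1, S2, U2):
    """match_Sh([S1, U1], [S2, U2]): S1' and S2' pass through unchanged; an exit
    group X1 in S1'' is merged with a union X2 of entry groups of S2'' only when
    the two agree on the variables they share, X1 ∩ U2 == X2 ∩ U1."""
    U1, U2 = frozenset(U1), frozenset(U2)
    S1_pass, S1_rest = split(S1, U2)
    S2_pass, S2_rest = split(S2, U1)
    merged = {X1 | X2 for X1 in S1_rest for X2 in star(S2_rest) if X1 & U2 == X2 & U1}
    return S1_pass | S2_pass | merged, U1 | U2


def rejected_pairs(S1, U1, S2, U2):
    """The (X1, X2) candidates that match_Sh discards: merging them would pair an
    exit substitution with an entry substitution it cannot have come from
    (different computational paths), which plain unification would do."""
    U1, U2 = frozenset(U1), frozenset(U2)
    _, S1_rest = split(S1, U2)
    _, S2_rest = split(S2, U1)
    return {(X1, X2) for X1 in S1_rest for X2 in star(S2_rest) if X1 & U2 != X2 & U1}


def backward_sh(S1, U1, S_entry, U_entry, target):
    """U^b_Sh after the forward step (equation (36)): match the renamed exit
    object against the unified entry object, then project on target = U2 ∪ vars(A2)."""
    S, U = match_sh(S1, U1, S_entry, U_entry)
    target = frozenset(target)
    return {B & target for B in S} - {frozenset()}, U & target


def independent(S, x, y):
    """x and y are independent when no sharing group contains both."""
    return not any(x in B and y in B for B in S)
```

On the example, the only accepted combinations are $uv$ with $uvxy$ and $vw$ with $vwyz$; every combination that would bring $u$, $v$ and $w$ into one group is rejected, so after projection on $U_2$ the success substitution is $\{xy, yz\}$ and $x$, $z$ are independent.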

7.1 Correctness and Optimality 

We can prove that Ugj^ is actually the best correct abstraction of the backward 
concrete unification Up^. To prove correctness we only need to show that matchsh 
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is correct w.r.t. matchps. Correctness of Ugj^ will follow from the fact that Ugjj is 
a composition of correct abstract operators. 

Theorem 7.4 

(Correctness of matchsh) matchsh is correct w.r.t. matchps. 

Proof 

The proof can be found in the Appendix as Theorem lD.il □ 

However, the composition of optimal operators may fail to be optimal. Therefore, 
optimality of matchsh does not guarantee optimality of Ugjj. In order to prove the 
optimality result, we need to establish two additional properties on the abstract 
operators matchsh and unifsh- The idea is that both these operators are used in a 
very specific way in the backward unification. 

Proposition 7.5 

1. $\mathrm{match}_{Sh}$ is optimal w.r.t. $\mathrm{match}_{Ps}$;

2. when $\mathrm{match}_{Ps}$ is restricted to the case when the second argument contains a single substitution, then $\mathrm{match}_{Sh}$ is complete w.r.t. the second argument, i.e.

$$\mathrm{match}_{Sh}([S_1,U_1], \alpha_{Sh}([\{[\sigma_2]\},U_2])) = \alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1,U_1]), [\{[\sigma_2]\},U_2]))\ ;$$

3. $\mathrm{unif}_{Sh}$ is optimal in a very strong way: given $[S_1,U_1] \in \mathit{Sharing}$ and $\theta \in \mathit{ISubst}$, there exists a substitution $\delta \in \mathit{ISubst}$ such that $\alpha_{Sh}([\delta]_{U_1}) \sqsubseteq_{Sh} [S_1,U_1]$ and

$$\alpha_{Sh}(\mathrm{unif}_{Ps}([\{[\delta]\},U_1],\theta)) = \mathrm{unif}_{Sh}([S_1,U_1],\theta)\ .$$


Proof 

Proofs of these properties can be found in the Appendix as Theorems D.2, D.3 and D.4. □

On the last point, note that the standard definition of optimality for $\mathrm{unif}_{Sh}$ only assures the existence of a set of substitutions $\Delta$ such that $\alpha_{Sh}([\Delta,U_1]) \sqsubseteq_{Sh} [S_1,U_1]$ and $\alpha_{Sh}(\mathrm{unif}_{Ps}([\Delta,U_1],\theta)) = \mathrm{unif}_{Sh}([S_1,U_1],\theta)$. However, we show that any set $\Delta$ can be reduced to a singleton. This allows us to find a single substitution to be used for proving the optimality result for all the resultant sharing groups. Finally, using Theorem 7.4 and Prop. 7.5 we may prove the expected result.

Theorem 7.6 

$\mathbb{U}^{\leftarrow}_{Sh}$ is correct and optimal w.r.t. $\mathbb{U}^{\leftarrow}_{Ps}$.

Proof 

The proof can be found in the Appendix as Theorem D.5. □

To the best of our knowledge, this is the first abstract matching operator which is optimal for the corresponding concrete operator. We now give an example of a program where the use of $\mathbb{U}^{\rightarrow}_{Sh}$ and $\mathbb{U}^{\leftarrow}_{Sh}$ gives better results than the standard operators $\mathbb{U}'^{\rightarrow}_{Sh}$ and $\mathbb{U}'^{\leftarrow}_{Sh}$.

Example 7.7

We keep on Examples 4.4, 6.2 and 6.5 and consider the trivial program with just one clause $p(u,v,w)$ and the goal $p(x,y,z)$ with $\{xy, yz\}$. Using our abstract operators, we obtain the entry substitution $\{uv, vw\}$ and the success substitution $\{xy, yz\}$ (see Ex. 6.5 and 7.3), thus proving that x and z are independent.

We now compute the abstract semantics of the goal $p(x,y,z)$ with $\{xy, yz\}$. From Example 4.4 we have that the abstract semantics of P is

$$\lambda A.\lambda x.\ \mathbb{U}^{\leftarrow}_{Sh}(\mathbb{U}^{\rightarrow}_{Sh}(x, A, p(u,v,w)), x, p(u,v,w), A)\ .$$

Thus, in order to compute the semantics of the goal $p(x,y,z)$ with $\{xy, yz\}$, we need to compute

$$\mathbb{U}^{\leftarrow}_{Sh}(\mathbb{U}^{\rightarrow}_{Sh}([\{xy,yz\},\{x,y,z\}], p(x,y,z), p(u,v,w)),\ [\{xy,yz\},\{x,y,z\}],\ p(u,v,w),\ p(x,y,z))\ .$$

From Example 6.5 we know that

$$\mathbb{U}^{\rightarrow}_{Sh}([\{xy,yz\},\{x,y,z\}], p(x,y,z), p(u,v,w)) = [\{uv,vw\},\{u,v,w\}]\ ,$$

from which we obtain (see Example 7.3):

$$\mathbb{U}^{\leftarrow}_{Sh}([\{uv,vw\},\{u,v,w\}], [\{xy,yz\},\{x,y,z\}], p(u,v,w), p(x,y,z)) = [\{xy,yz\},\{x,y,z\}]\ ,$$

which shows that x and z are independent.

If we replace either $\mathbb{U}^{\rightarrow}_{Sh}$ or $\mathbb{U}^{\leftarrow}_{Sh}$ with $\mathbb{U}'^{\rightarrow}_{Sh}$ or $\mathbb{U}'^{\leftarrow}_{Sh}$, then the success substitution will contain the sharing group xyz. In fact, as shown in Ex. 6.2, the entry substitution in the latter case would be $[\{uv,vw,uvw\},\{u,v,w\}]$. If we compute the success substitution we obtain:

$$\mathbb{U}'^{\leftarrow}_{Sh}([\{uv,vw,uvw\},\{u,v,w\}], [\{xy,yz\},\{x,y,z\}], p(u,v,w), p(x,y,z)) = [\{xy,yz,xyz\},\{x,y,z\}]\ ,$$

which contains the sharing group xyz. □


7.2 Programs in Head Normal Form 

It is worth noting that the improvement in the previous example is obtained with a program in head normal form. Usually, when programs are in head normal form, the forward and backward unification may be replaced by renamings, which are complete and do not cause any loss in precision. However, a unification operator is still needed for the explicit constraints which appear in the body of the clauses. In general, the analyses we obtain in our framework are more precise than those which can be obtained by using the standard domain Sharing after translating the same program to head normal form.


Example 7.8 
Consider again Ex. 7.7 and the program $p(u, f(s), w) \leftarrow$ which is not in head normal form. Using our abstract operators, we obtain the success substitution $\{xy, yz\}$, as in Ex. 7.7. If we normalize the program, we obtain the clause $p(u,v,w) \leftarrow v = f(s)$. The entry substitution obtained from $\{xy, yz\}$ by simply renaming the variables x, y, z to u, v, w and introducing the new variable s is $\{uv, vw, s\}$. By using the standard operator for unification, when applying the binding $v/f(s)$ we obtain $\{uvs, vws, uvws\}$, and thus the success substitution will contain the sharing group xyz, resulting in a loss of precision. □

It is possible to use our forward abstract unification in a normalized program by enlarging the set of variables of interest only when new variables are effectively met, instead of adding all the variables which appear in the body of a clause once and for all when the entry substitution is computed. In the example above, the variable s can be introduced when unifying the abstract object $\{uv, vw\}$ with $v/f(s)$. Since $\mathrm{unif}_{Sh}([\{uv,vw\},\{u,v,w\}], \{v/f(s)\}) = [\{uvs,vws\},\{u,v,w,s\}]$, we still obtain as success substitution $\{xy, yz\}$, thus proving that x and z are independent.
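The standard (Jacobs and Langen) abstract unification on Sharing, written here as an added example that is not code from the paper, reproduces the two figures the text attributes to the standard operators: the entry substitution $\{uv,vw,uvw\}$ of Example 7.7 under $\mathbb{U}'^{\rightarrow}_{Sh}$ and the result $\{uvs,vws,uvws\}$ of applying $v/f(s)$ to $\{uv,vw,s\}$ in Example 7.8. Variables are single letters, so a sharing group is written as a string; the paper's optimized $\mathrm{unif}_{Sh}$ is not implemented.

```python
# Added example: standard Jacobs-Langen abstract unification on the set-sharing
# domain. Not the paper's optimized operators; used only to reproduce the results
# the text quotes for the standard ones (Examples 7.7 and 7.8).
from itertools import chain


def G(*names):
    """Constructed sharing set: each string is one group of single-letter variables."""
    return frozenset(frozenset(n) for n in names)


def term_vars(t):
    """Variables of a term; a term is a variable (str) or a (functor, args) tuple."""
    if isinstance(t, str):
        return frozenset([t])
    return frozenset(chain.from_iterable(term_vars(a) for a in t[1]))


def rel(vs, sharing):
    """rel(vs, S): the groups of S that contain at least one variable of vs."""
    return frozenset(g for g in sharing if g & vs)


def star_union(groups):
    """S*: all unions of non-empty subsets of the groups."""
    closure = set(groups)
    for g in groups:
        closure |= {g | c for c in closure}
    return frozenset(closure)


def bin_union(s1, s2):
    """bin(S1, S2): pairwise unions of a group of S1 with a group of S2."""
    return frozenset(a | b for a in s1 for b in s2)


def amgu(x, t, sharing):
    """Standard abstract unification of one binding x/t:
    drop the groups relevant to x or t, add bin(rel(x)*, rel(t)*)."""
    rel_x = rel(frozenset([x]), sharing)
    rel_t = rel(term_vars(t), sharing)
    untouched = sharing - (rel_x | rel_t)
    return untouched | bin_union(star_union(rel_x), star_union(rel_t))


def unif_sh_standard(sharing, bindings):
    """Apply the bindings of a substitution one at a time."""
    for x, t in bindings:
        sharing = amgu(x, t, sharing)
    return sharing


def project(sharing, vs):
    """pi(S, vs): restrict every group to vs, dropping the ones that become empty."""
    return frozenset(g & vs for g in sharing if g & vs)


def forward_unification_standard(sharing, goal_args, head_args):
    """Standard forward unification: add each head variable as a singleton group,
    unify the goal arguments (variables here) with the head arguments, then
    project onto the head variables to obtain the entry substitution."""
    head_vars = frozenset(chain.from_iterable(term_vars(a) for a in head_args))
    s = sharing | frozenset(frozenset([v]) for v in head_vars)
    s = unif_sh_standard(s, list(zip(goal_args, head_args)))
    return project(s, head_vars)


def example_7_7_standard_entry():
    """Goal p(x,y,z) with {xy, yz} against the head p(u,v,w): the standard
    operator yields {uv, vw, uvw}; the extra group uvw is the imprecision."""
    return forward_unification_standard(G("xy", "yz"), ["x", "y", "z"], ["u", "v", "w"])


def example_7_8_standard_binding():
    """Entry substitution {uv, vw, s} of the normalized clause, binding v/f(s):
    the star unions produce {uvs, vws, uvws}."""
    return unif_sh_standard(G("uv", "vw", "s"), [("v", ("f", ["s"]))])
```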

In the general case, translating a program in head normal form will negatively affect the precision of the analysis. To achieve the same precision in both cases, we need to add structural information to the abstract domain (Le Charlier and Van Hentenryck 1994).


8 Related Works 


8.1 Relationship with ESubst


The domain ESubst proposed by Jacobs and Langen (1992) uses a non-standard definition of substitution. We may prove that ESubst is isomorphic to $\mathit{ISubst}_\sim$. This formalizes the intuition, which has never been proved before, that working with ESubst is essentially like working with substitutions. Similar proofs may be developed for ex-equations (Marriott et al. 1994) and existential Herbrand constraints (Levi and Spoto 2003).


We now briefly recall the definition of the domain ESubst. For the sake of clarity, in the following, we call E-substitution the nonstandard substitution defined in (Jacobs and Langen 1992). An E-substitution $\sigma$ is a mapping from a finite set of variables $\mathrm{dom}(\sigma) \subseteq \mathcal{V}$ to Terms. This approach differs from the standard definition of substitutions, which are mappings from $\mathcal{V}$ to Terms that are almost everywhere the identity. The preorder on E-substitutions is defined as follows:

$$\sigma \le_E \theta \iff \mathrm{dom}(\theta) \subseteq \mathrm{dom}(\sigma) \wedge (\forall t \in \mathit{Terms},\ \mathrm{vars}(t) \subseteq \mathrm{dom}(\theta) \Rightarrow \exists \delta \text{ an E-substitution s.t. } \sigma t = \delta(\theta(t)))\ , \quad (37)$$

where the application of an E-substitution to a term is defined as usual.

Let $\sim_E$ be the equivalence relation on E-substitutions induced by $\le_E$. The domain ESubst is defined as the set of equivalence classes of E-substitutions w.r.t. $\sim_E$, that is $\mathit{ESubst} = \{[\sigma]_{\sim_E} \mid \sigma \text{ is an E-substitution}\}$. The next theorem shows that ESubst is isomorphic to $\mathit{Subst}_\sim$ which, as shown earlier in the paper, is isomorphic to $\mathit{ISubst}_\sim$.

Theorem 8.1

ESubst and $\mathit{Subst}_\sim$ are isomorphic posets.

Proof 

To each E-substitution $\theta$ we may associate a substitution $\theta'$ such that $\theta'(x) = \theta(x)$ if $x \in \mathrm{dom}(\theta)$ and $\theta'(x) = x$ otherwise. Note that, for each term t, $\theta(t) = \theta'(t)$: an E-substitution and the corresponding standard substitution behave in the same way on terms.

We may prove that, if $\theta_1 \le_E \theta_2$, then $\theta'_1 \preceq_{\mathrm{dom}(\theta_2)} \theta'_2$. By definition, if $\theta_1 \le_E \theta_2$ then $\mathrm{dom}(\theta_2) \subseteq \mathrm{dom}(\theta_1)$ and $\forall t \in \mathit{Terms}$ with $\mathrm{vars}(t) \subseteq \mathrm{dom}(\theta_2)$, there exists an E-substitution $\delta$ such that $\theta_1(t) = \delta(\theta_2(t))$. Let $\mathrm{dom}(\theta_2) = \{x_1, \ldots, x_n\}$ and consider a term t such that $\mathrm{vars}(t) = \{x_1, \ldots, x_n\}$ (note that t exists iff there is at least a term symbol of arity strictly greater than 1). By definition, there exists an E-substitution $\delta$ such that $\theta_1(t) = \delta(\theta_2(t))$, that is, for any $v \in \mathrm{dom}(\theta_2)$ it holds $\theta_1(v) = \delta(\theta_2(v))$. This means that $\theta'_1(v) = \delta'(\theta'_2(v))$ and therefore $\theta'_1 \preceq_{\mathrm{dom}(\theta_2)} \theta'_2$.

On the converse, for each $\theta \in \mathit{Subst}$ and $U \in \wp_f(\mathcal{V})$, we associate a corresponding E-substitution $\theta^U$ such that $\mathrm{dom}(\theta^U) = U$ and $\theta^U(v) = \theta(v)$ for each $v \in U$. As for the previous case, we have that if $\theta_1 \preceq_U \theta_2$, then $\theta_1^U \le_E \theta_2^U$. First of all, note that $\mathrm{dom}(\theta_1^U) = U = \mathrm{dom}(\theta_2^U)$. Moreover, by definition of $\preceq_U$, there is $\delta \in \mathit{Subst}$ such that $\theta_1(v) = \delta(\theta_2(v))$ for each $v \in U$. Now, given a term t such that $\mathrm{vars}(t) \subseteq U$, we may check that $\theta_1^U(t)$ is obtained from $\theta_2^U(t)$ by applying the E-substitution corresponding to $\delta$, and this proves $\theta_1^U \le_E \theta_2^U$.

Now, we may lift these operations to equivalence classes to obtain the function $\iota : \mathit{ESubst} \to \mathit{Subst}_\sim$ such that

$$\iota([\theta]_{\sim_E}) = [\theta']_{\mathrm{dom}(\theta)}\ .$$

The map $\iota$ is well defined: if $\theta_1 \sim_E \theta_2$ then $\mathrm{dom}(\theta_1) = \mathrm{dom}(\theta_2)$ and, by the above property, $\theta'_1 \sim_{\mathrm{dom}(\theta_2)} \theta'_2$. Moreover, there is an inverse given by

$$\iota^{-1}([\theta]_U) = [\theta^U]_{\sim_E}\ .$$

It is easy to check that $\iota^{-1}$ is well defined: if $\theta_1 \sim_U \theta_2$, then $\theta_1^U \sim_E \theta_2^U$.

It is immediate to check, given the properties above, that $\iota$ and $\iota^{-1}$ are one the inverse of the other. Moreover, they are both monotonic. If $[\theta_1]_{\sim_E} \le_E [\theta_2]_{\sim_E}$ then $\mathrm{dom}(\theta_2) \subseteq \mathrm{dom}(\theta_1)$ and $\theta'_1 \preceq_{\mathrm{dom}(\theta_2)} \theta'_2$, i.e., $\iota([\theta_1]_{\sim_E}) = [\theta'_1]_{\mathrm{dom}(\theta_1)} \preceq [\theta'_2]_{\mathrm{dom}(\theta_2)} = \iota([\theta_2]_{\sim_E})$. On the converse, if $[\theta_1]_U \preceq [\theta_2]_V$ then $[\theta_1]_V \preceq [\theta_2]_V$ and therefore $\iota^{-1}([\theta_1]_V) \le_E \iota^{-1}([\theta_2]_V)$. We only need to prove that $\iota^{-1}([\theta_1]_U) \le_E \iota^{-1}([\theta_1]_V)$. This follows from the fact that, given a term t with $\mathrm{vars}(t) \subseteq V$, $\theta_1^U(t) = \theta_1^V(t)$. □

It is worth noting that the most general unifier as defined in (Jacobs and Langen 1992) corresponds to mgu in $\mathit{ISubst}_\sim$. In formulas, given terms $t_1$ and $t_2$, we have that

$$\iota([\mathrm{mgu}(t_1,t_2)]_{\sim_E}) = [\mathrm{mgu}(\{t_1 = t_2\})]_{\mathrm{vars}(t_1 = t_2)} \quad (38)$$

where mgu on the left is the operator in Definition 1 of (Jacobs and Langen 1992) and $\iota : \mathit{ESubst} \to \mathit{ISubst}_\sim$ is the isomorphism defined in the proof of Theorem 8.1. To the best of our knowledge, this is the first proof of the relationship between the mgu in a domain of existential substitutions and the standard mgu for substitutions. Moreover, it is worth noting that by adding a bottom element to $\mathit{ISubst}_\sim$ and ESubst, they turn out to be isomorphic complete lattices.


8.2 A Case Study 

In Section 3 we said that, in order to define a good collecting semantics for correct answer substitutions, there are several possible directions. We may work with a domain of existentially quantified substitutions like $\mathit{ISubst}_\sim$, or we may work with standard substitutions, being careful to keep enough representatives for each equivalence class. We have already discussed the benefits of using equivalence classes. In order to show the kind of problems which arise from the use of domains of substitutions, without any equivalence relation, we want to show a small flaw of the semantic framework defined in (Cortesi and Filé 1999) for the analysis of sharing, and widely used in several other works on program analysis such as (Bagnara et al. 2002; Hill et al. 2004).

The framework is based upon the domain $\mathit{Rsub} = (\wp(\mathit{Subst}) \times \wp_f(\mathcal{V})) \cup \{\top_{RS}, \bot_{RS}\}$ which is a complete lattice, partially ordered as follows: $\top_{RS}$ is the top element, $\bot_{RS}$ is the bottom element and $[\Theta_1,U_1] \sqsubseteq_{RS} [\Theta_2,U_2]$ if and only if $U_1 = U_2$ and $\Theta_1 \subseteq \Theta_2$. An object $[\Theta,U]$ is a set of substitutions $\Theta$ where the set of variables of interest U is explicitly provided.

The main operation in Rsub is the concrete unification $\mathbb{U}_{RS} : \mathit{Rsub} \times \mathit{Rsub} \times \mathit{ISubst} \to \mathit{Rsub}$ such that:

$$\mathbb{U}_{RS}(\bot_{RS}, \Theta, \delta) = \mathbb{U}_{RS}(\Theta, \bot_{RS}, \delta) = \bot_{RS}$$

$$\mathbb{U}_{RS}(\Theta, \top_{RS}, \delta) = \mathbb{U}_{RS}(\top_{RS}, \Theta, \delta) = \top_{RS} \quad \text{if } \Theta \neq \bot_{RS}$$

$$\mathbb{U}_{RS}([\Theta_1,U_1], [\Theta_2,U_2], \delta) = [\{\mathrm{mgu}(\sigma_1,\sigma_2,\delta) \mid \sigma_1 \in \Theta_1, \sigma_2 \in \Theta_2, \mathrm{vars}(\sigma_1) \cap \mathrm{vars}(\sigma_2) = \emptyset\},\ U_1 \cup U_2]\ .$$

Although it is well defined for all the values of the domain, $\mathbb{U}_{RS}([\Theta_1,U_1],[\Theta_2,U_2],\delta)$ may be restricted to those values such that $U_1 \cap U_2 = \emptyset$ and $\mathrm{vars}(\delta) \subseteq U_1 \cup U_2$, since this is the only way $\mathbb{U}_{RS}$ is used in the semantics defined in (Cortesi and Filé 1999).

The abstract domain is the same Sharing we use in our paper, with abstraction map $\alpha_{Sh} : \mathit{Rsub} \to \mathit{Sharing}$ and unification $\mathbb{U}_{Sh} : \mathit{Sharing} \times \mathit{Sharing} \times \mathit{ISubst} \to \mathit{Sharing}$ defined by:

$$\alpha_{Sh}([\Theta,U]) = \bigsqcup_{Sh}\{\alpha_{Sh}([\sigma]_U) \mid \sigma \in \Theta\}\ , \quad (40)$$

$$\mathbb{U}_{Sh}([\Theta_1,U_1],[\Theta_2,U_2],\delta) = \mathrm{unif}_{Sh}([\Theta_1 \cup \Theta_2, U_1 \cup U_2], \delta) \quad (41)$$

The domain of $\mathbb{U}_{Sh}$ is restricted to the case $U_1 \cap U_2 = \emptyset$ and $\mathrm{vars}(\delta) \subseteq U_1 \cup U_2$.

By looking at the paper, we think that, in the idea of the authors, $[\Theta,U] \in \mathit{Rsub}$ should have been treated as $[\{[\sigma]_U \mid \sigma \in \Theta\}, U] \in \mathit{Psub}$ is in our framework. However, the condition $\mathrm{vars}(\sigma_1) \cap \mathrm{vars}(\sigma_2) = \emptyset$, introduced in $\mathbb{U}_{RS}$ in order to avoid variable clashes between the two chosen substitutions, is not enough for this purpose. Actually, $\mathbb{U}_{RS}$ only checks that $\sigma_1$ and $\sigma_2$ do not have variables in common, without considering their sets of variables of reference $U_1$ and $U_2$. This unification can lead to counterintuitive results.

Example 8.2 

Consider the following concrete unification:

$$\mathbb{U}_{RS}([\{\{x/y\}\},\{x\}], [\{\varepsilon\},\{y\}], \varepsilon) = [\{\{x/y\}\},\{x,y\}]\ . \quad (42)$$

Being $\mathrm{vars}(\varepsilon) = \emptyset$, the concrete unification operator allows us to unify $\{x/y\}$ with $\varepsilon$ without renaming the variable y, which is not a variable of interest in the first element but it is treated as if it was. This also causes the incorrectness of $\mathbb{U}_{Sh}$. If we consider Eq. (42) and compute the result on the abstract side by using the abstract unification operator $\mathbb{U}_{Sh}$, we have:

$$\mathbb{U}_{Sh}(\alpha_{Sh}([\{\{x/y\}\},\{x\}]), \alpha_{Sh}([\{\varepsilon\},\{y\}]), \varepsilon) = \mathbb{U}_{Sh}([\{x\},\{x\}], [\{y\},\{y\}], \varepsilon) = [\{x,y\},\{x,y\}]\ .$$

This is not a correct approximation of the concrete result, since:

$$\alpha_{Sh}([\{\{x/y\}\},\{x,y\}]) = [\{xy\},\{x,y\}] \not\sqsubseteq_{Sh} [\{x,y\},\{x,y\}]\ . \quad \square$$

This counterexample proves that the abstract unification operator $\mathbb{U}_{Sh}$ is not correct w.r.t. the concrete one $\mathbb{U}_{RS}$, invalidating Theorem 6.3 in (Cortesi and Filé 1999). The problem can be solved by introducing a stronger check on variable clashes, namely by replacing the condition $\mathrm{vars}(\sigma_1) \cap \mathrm{vars}(\sigma_2) = \emptyset$ with $(\mathrm{vars}(\sigma_1) \cup U_1) \cap (\mathrm{vars}(\sigma_2) \cup U_2) = \emptyset$ in the definition of $\mathbb{U}_{RS}$, thus obtaining the following operator:

$$\mathbb{U}'_{RS}([\Theta_1,U_1],[\Theta_2,U_2],\delta) = [\{\mathrm{mgu}(\sigma_1,\sigma_2,\delta) \mid \sigma_1 \in \Theta_1, \sigma_2 \in \Theta_2, (\mathrm{vars}(\sigma_1) \cup U_1) \cap (\mathrm{vars}(\sigma_2) \cup U_2) = \emptyset\},\ U_1 \cup U_2]\ . \quad (43)$$

By using $\mathbb{U}'_{RS}$ instead of $\mathbb{U}_{RS}$, the proof of Theorem 6.3 in (Cortesi and Filé 1999) becomes valid.
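The following is an added example, not the paper's code, which computes $\alpha_{Sh}$ of Eq. (40) on the substitutions of Example 8.2 and compares the two variable-clash checks of the concrete unification: the original one on $\mathrm{vars}(\sigma_1)$ and $\mathrm{vars}(\sigma_2)$, and the strengthened one of Eq. (43) that also includes $U_1$ and $U_2$. It assumes $\delta = \varepsilon$ and pairs of substitutions on disjoint variables, so that $\mathrm{mgu}(\sigma_1,\sigma_2,\varepsilon)$ is just the union of their bindings and no general unifier is needed.

```python
# Added example: alpha_Sh (Eq. 40) and the two variable-clash checks of the concrete
# unification U_RS, run on the substitutions of Example 8.2. Not the paper's code.
# Assumption: delta = epsilon and admitted pairs have disjoint variables, so
# mgu(s1, s2, epsilon) is the union of the bindings of s1 and s2.
from itertools import chain


def term_vars(t):
    """Variables of a term; a term is a variable (str) or a (functor, args) tuple."""
    if isinstance(t, str):
        return frozenset([t])
    return frozenset(chain.from_iterable(term_vars(a) for a in t[1]))


def apply_subst(sigma, t):
    """Apply an idempotent substitution (dict var -> term) to a term."""
    if isinstance(t, str):
        return sigma.get(t, t)
    return (t[0], [apply_subst(sigma, a) for a in t[1]])


def subst_vars(sigma):
    """vars(sigma): variables of the domain and of the range terms."""
    return frozenset(sigma) | frozenset(chain.from_iterable(term_vars(t) for t in sigma.values()))


def alpha_sh_one(sigma, U):
    """alpha_Sh([sigma]_U): one group per variable v, namely the u in U whose
    image sigma(u) contains v; empty groups are dropped."""
    images = {u: term_vars(apply_subst(sigma, u)) for u in U}
    every = frozenset(chain.from_iterable(images.values()))
    groups = (frozenset(u for u in U if v in images[u]) for v in every)
    return frozenset(g for g in groups if g)


def alpha_sh(thetas, U):
    """Eq. (40): the join (union) of the abstractions of the substitutions in Theta.
    Returns the pair (sharing groups, variables of interest)."""
    return frozenset(chain.from_iterable(alpha_sh_one(s, U) for s in thetas)), frozenset(U)


def leq_sh(a, b):
    """[S1,U] <=_Sh [S2,U] iff S1 is a subset of S2, for the same U."""
    return a[1] == b[1] and a[0] <= b[0]


def clash_free(s1, U1, s2, U2, strong):
    """Original check: vars(s1) and vars(s2) disjoint. Eq. (43): U1 and U2 added."""
    v1, v2 = subst_vars(s1), subst_vars(s2)
    if strong:
        v1, v2 = v1 | U1, v2 | U2
    return not (v1 & v2)


def rsub_unify_eps(theta1, U1, theta2, U2, strong):
    """Concrete unification of [Theta1,U1] and [Theta2,U2] with delta = epsilon,
    restricted to the pairs admitted by the chosen clash check."""
    out = []
    for s1 in theta1:
        for s2 in theta2:
            if clash_free(s1, U1, s2, U2, strong):
                assert not (subst_vars(s1) & subst_vars(s2))  # assumption above
                out.append({**s1, **s2})
    return out, frozenset(U1) | frozenset(U2)


def example_8_2(strong):
    """Eq. (42): [{{x/y}},{x}] unified with [{eps},{y}] under delta = epsilon.
    Returns (alpha_Sh of the concrete result, the abstract result of U_Sh,
    whether the abstract result is a correct approximation)."""
    sigma1, U1 = {"x": "y"}, frozenset("x")
    sigma2, U2 = {}, frozenset("y")
    concrete, U = rsub_unify_eps([sigma1], U1, [sigma2], U2, strong)
    # U_Sh (Eq. 41) with delta = epsilon: unif_Sh has no binding to apply, so the
    # result is the union of the two abstract arguments over U1 ∪ U2.
    abstract = (alpha_sh([sigma1], U1)[0] | alpha_sh([sigma2], U2)[0], U)
    concrete_abs = alpha_sh(concrete, U)
    return concrete_abs, abstract, leq_sh(concrete_abs, abstract)
```

With the original check the pair is admitted and the concrete result abstracts to $\{xy\}$, which is not below $\{\{x\},\{y\}\}$; with the check of Eq. (43) the pair is rejected and the empty concrete result is trivially approximated.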

Theorem 8.3 
$\mathbb{U}_{Sh}$ is correct w.r.t. $\mathbb{U}'_{RS}$.

Proof 

If we look at the proof of Theorem 6.3 in (Cortesi and Filé 1999), it appears that the problem is in the base case of the inductive argument, when $i = 0$. Here, it is stated that given $[A_1,U_1]$ and $[A_2,U_2]$ in Sharing with $U_1 \cap U_2 = \emptyset$, $\sigma_i \in \gamma_{Sh}([A_i,U_i])$ for $i \in \{1,2\}$ with $\mathrm{vars}(\sigma_1) \cap \mathrm{vars}(\sigma_2) = \emptyset$, then it holds that $[\{\rho_0\},U_0] \sqsubseteq_{RS} \gamma_{Sh}([B_0,U_0])$ where $\rho_0 = \sigma_1 \circ \sigma_2$, $U_0 = U_1 \cup U_2$ and $B_0 = A_1 \cup A_2$. However, the substitutions $\sigma_1 = \{x/y\} \in \gamma_{Sh}([\{x\},\{x\}])$ and $\sigma_2 = \varepsilon \in \gamma_{Sh}([\{y\},\{y\}])$ of the previous example make the statement false. On the contrary, when $\mathbb{U}'_{RS}$ is used instead of $\mathbb{U}_{RS}$, then $\sigma_1$ and $\sigma_2$ are required to satisfy the condition $(\mathrm{vars}(\sigma_1) \cup U_1) \cap (\mathrm{vars}(\sigma_2) \cup U_2) = \emptyset$. From this, it truly follows that $[\{\rho_0\},U_0] = [\{\sigma_1 \circ \sigma_2\},U_0] \sqsubseteq_{RS} \gamma_{Sh}([B_0,U_0])$. The inductive case for $i > 0$ is identical to that in (Cortesi and Filé 1999) since for any $A, B \in \mathit{Rsub}$ and $\delta \in \mathit{ISubst}$ it holds that $\mathbb{U}'_{RS}(A,B,\delta) \sqsubseteq_{RS} \mathbb{U}_{RS}(A,B,\delta)$. □
Observe that, in order to define a real semantics for logic programs, a renaming

not change. Therefore this flaw does not affect the real analysis of logic programs.


8.3 Other Related Works 


8.3.1 Backward Unification 

The idea of using a refined operator for computing answer substitutions is not new, and may be traced back to the frameworks in (Bruynooghe 1991; Le Charlier and Van Hentenryck 1994). The abstract domains considered in these papers contain structural information, freeness, groundness and pair-sharing, but no set-sharing information. Working within these frameworks, Hans and Winkler (1992) and King and Longley (1995) propose correct abstract operators w.r.t. matching for the domain SFL. Muthukumar and Hermenegildo (1991; 1992) use a refined algorithm for backward unification in Sharing, although it is not presented in algebraic form. However, to the best of our knowledge, this is the first paper which formally introduces matching from the point of view of a collecting denotational semantics, deriving the abstract operator from the concrete one, and proving correctness and optimality. Moreover, this is the first paper which presents optimal abstract matching for a domain for set-sharing analysis (see Example 7.3).


8.3.2 Forward/Backward Unification and PSD 


Although the usual goal of sharing analyses is to discover the pairs of variables which may possibly share, Sharing is a domain that keeps track of set-sharing information. Bagnara et al. (2002) propose a new domain, called PSD, which is the complete shell (Giacobazzi et al. 2000) of pair sharing w.r.t. Sharing. They recognize that, in an abstract object $[S,U]$, some sharing groups in S may be redundant as far as pair sharing is concerned. Although our forward unification is more precise than the standard unification, it could be the case that they have the same precision in PSD. This would mean that $\mathbb{U}^{\rightarrow}_{Sh}([S_1,U_1],A_1,A_2)$ and $\mathbb{U}'^{\rightarrow}_{Sh}([S_1,U_1],A_1,A_2)$ only differ for redundant sharing groups. However, this is not the case, and Examples 6.2, 6.15 and 6.19 show improvements which are still significant in PSD. The same holds for backward unification in Example 7.3. It is not clear whether PSD is still complete w.r.t. pair-sharing when our specialized operators are used.


8.3.3 Domains with Freeness and Linearity 

Although the use of freeness and linearity information has been pursued in several papers, e.g., (Muthukumar and Hermenegildo 1991; Hans and Winkler 1992), optimal operators for these domains have never been developed. All the abstract unification operators for SFL, e.g., (Muthukumar and Hermenegildo 1992; Hans and Winkler 1992; Hill et al. 2004), when unifying with a binding $\{x/t\}$ where neither x nor t are linear, do compute all the star unions. On the contrary, in $\mathbb{U}^{\rightarrow}_{Sh}$ we apply an optimization which is able to avoid some sharing groups (see e.g., Example 6.19). This optimization could be integrated in a domain which explicitly contains freeness and linearity information.

Actually, Hill et al. (2004) include some optimizations for the standard abstract unification of SFL which are similar to ours, in the case of a binding $\{x/t\}$ with x linear. In addition, in (Hill et al. 2004; Howe and King 2003) the authors propose to remove the check for independence between x and t. We think it should be possible to devise an optimal abstract unification for an enhanced domain including linearity information, by combining these improvements with our results.

A first optimality result is shown in (Amato and Scozzari 2003), which is based on a preliminary version of the framework we present here. The authors consider two domains for set-sharing and linearity (without freeness), namely the standard reduced product of Sharing and linearity, and the domain proposed by King (1994). The paper presents the abstract operators for forward unification, which turn out to be optimal in the case of a single-binding substitution. These are the only operators in the literature which are strictly more precise than our optimized forward unification operator for Sharing.


8.3.4 Another Optimality Proof

Codish et al. (2000) provide an alternative approach to the analysis of sharing by using set logic programs and ACI1 unification. They define abstract operators which are proved to be correct and optimal, and examine the relationship between set substitutions and Sharing, proving that they are essentially isomorphic. However, they do not extend this correspondence to the abstract operators, so that a proof of optimality of $\mathbb{U}^{\rightarrow}_{Sh}$ w.r.t. $\mathbb{U}^{\rightarrow}_{Ps}$ starting from their results should be feasible but it is not immediate. Moreover, since they provide a goal-independent analysis, they do not have different operators for forward and backward unification.


9 Conclusions 


We think that there are three major contributions in this paper.

• We integrate the framework of Cortesi et al. (1996) with several different proposals appeared in the literature for goal-dependent analysis of logic programs. We give formal proofs of the correctness of the resulting analysis and of optimality of the abstract operators. The aim is to clarify the relationships between these proposals and to provide a clear guidance for the development of static analysis for logic programs.

• We introduce a new concrete domain of equivalence classes of substitutions which address the problem of variable clashes by taking into account sets of variables of interest. This problem has been considered by many authors but, in our opinion, none of them fully developed a corresponding theory of substitutions, in the style of Palamidessi (1990).

• Our definition of abstract forward unification sheds new light on the role of freeness and linearity information, suggesting new optimizations which can also be used in more powerful domains such as SFL.


Although sharing analysis with more complex domains, including freeness and linearity information, will likely be more precise than the analysis performed with Sharing in our optimized framework, we think that this article may be a guideline for developing new analyses for logic programs. The main ideas contained in this paper are not tied to the abstract domain in use. The framework we propose may be instantiated with more precise abstract domains to further improve the result of the abstract analysis. Moreover, the algorithm for the abstract forward unification can be easily slotted into other analysis frameworks based on different concrete semantics, including goal-independent ones.

To the best of our knowledge, this is the first work which optimizes the abstract forward unification for sharing analysis using freeness and linearity information implicitly, i.e., without using a domain which contains such information.

This is also the first work where an abstract backward unification operator using matching is proved to be optimal. We have shown that, to the best of our knowledge, all the abstract backward unification operators proposed so far for Sharing or more powerful domains (Hans and Winkler 1992; King and Longley 1995; Muthukumar and Hermenegildo 1992) were not optimal.

As a future work, we think that our results could be easily generalized for designing optimal unification operators for more complex domains possibly including linearity, freeness and structural information. Preliminary results have appeared in (Amato and Scozzari 2003). Moreover, the problem of efficiently implementing the refined backward unification could be addressed.


A Correctness of the Goal-Dependent Collecting Semantics 

In this appendix we provide a tedious proof that the collecting semantics we define is correct w.r.t. computed answers. We begin by formally introducing a notation for SLD-derivations, following (Lloyd 1987; Apt 1990). Given a goal $G = g_1 \ldots g_k$ and a clause $cl = H \leftarrow B$ such that $\mathrm{vars}(G) \cap \mathrm{vars}(cl) = \emptyset$, we write

$$G \xrightarrow{\sigma} (g_1 \ldots g_{i-1}\, B\, g_{i+1} \ldots g_k)\sigma \quad (A1)$$

when $\sigma = \mathrm{mgu}(g_i, H)$. Given a goal G and a program P, an SLD-derivation of G in P is given by a sequence of clauses $cl_1, \ldots, cl_n$ and idempotent substitutions $\sigma_1, \ldots, \sigma_n$, such that

$$G \xrightarrow{\sigma_1} G_1 \xrightarrow{\sigma_2} \cdots \xrightarrow{\sigma_n} G_n\ , \quad (A2)$$

where each $cl_i$ is the renaming of a clause in P apart from $G, cl_1, \ldots, cl_{i-1}$. The goal $G_n$ is called the end-goal, n is the length of the derivation and $(\sigma_n \circ \sigma_{n-1} \circ \cdots \circ \sigma_2 \circ \sigma_1)|_{\mathrm{vars}(G)}$ is the (partial) computed answer. An SLD-refutation is an SLD-derivation with the empty end-goal (denoted by □). A leftmost SLD-derivation is an SLD-derivation where we always rewrite the leftmost atom in the goal (i.e., such that $i = 1$ at every step in (A1)).
We write $G \xrightarrow{\sigma}{}^{*} G'$ to denote an SLD-derivation with end-goal $G'$ and partial computed answer $\sigma$. We also write $G \xrightarrow{\sigma}{}^{\le i} G'$ to denote an SLD-derivation with end-goal $G'$, partial computed answer $\sigma$ and whose length is less than or equal to i. A substitution $\sigma$ is a computed answer for G in P if there is an SLD-refutation $G \xrightarrow{\sigma}{}^{*} \square$.

In this appendix we will prove the relationship between the set of computed answers for P and its collecting semantics $\mathcal{P}[\![P]\!]$.


A.1 Relevant Denotations

We have defined a denotation as a continuous map in $\mathit{Atoms} \to \mathit{Psub} \to \mathit{Psub}$. We now want to characterize the denotations which may arise as the results of our collecting semantics.

Definition A.1

A denotation $d \in \mathit{Den}$ is said to be relevant when

• d is strict, i.e., $d\, A\, \bot_{Ps} = \bot_{Ps}$;

• $d\, A\, [\Delta,V]$ is either $\bot_{Ps}$ or $[\Delta', V \cup \mathrm{vars}(A)]$ for some $\Delta'$.

Note that the least denotation $\lambda A.\lambda[\Delta,V].\bot_{Ps}$ is relevant. A relevant denotation is well-behaved, in the sense that either it does not say anything, or gives information for all and only the variables which occur in the atom A and the entry substitution $[\Delta,V]$.

Proposition A.2 
If d is relevant, then

1. $\mathcal{B}[\![B]\!]\, d\, \bot_{Ps} = \bot_{Ps}$;

2. $\mathcal{B}[\![B]\!]\, d\, [\Delta,V]$ is either $\bot_{Ps}$ or $[\Delta', V \cup \mathrm{vars}(B)]$ for some $\Delta'$;

3. $\mathcal{C}[\![H \leftarrow B]\!]\, d$ is relevant;

4. $\mathcal{P}[\![P]\!]$ is relevant.


Proof 

The first two points easily follow by induction on the structure of the body B. For the third point, consider the definition of $\mathcal{C}$. Note that

$$\mathbb{U}^{\rightarrow}_{Ps}(x, A, H) = \pi_{Ps}(\mathrm{unif}_{Ps}(\rho(x), \mathrm{mgu}(\rho(A) = H)), \mathrm{vars}(H))\ .$$

Since $\mathrm{vars}(\rho(A))$ is disjoint from H by definition of $\rho$, and since we consider relevant mgus, then either $\mathrm{vars}(\mathrm{mgu}(\rho(A) = H)) = \mathrm{vars}(\rho(A)) \cup \mathrm{vars}(H)$ or $\mathrm{mgu}(\rho(A) = H) = \bot$. In the latter case, $\mathcal{C}[\![H \leftarrow B]\!]\, d\, A = \bot_{Ps}$, otherwise $\mathbb{U}^{\rightarrow}_{Ps}(x, A, H) = [\Delta', \mathrm{vars}(H)]$ for some $\Delta'$. By the previous point, we have that $\mathcal{B}[\![B]\!]\, d\, (\mathbb{U}^{\rightarrow}_{Ps}(x, A, H))$ is either $\bot_{Ps}$ or $[\Delta'', \mathrm{vars}(H) \cup \mathrm{vars}(B)]$ for some $\Delta''$. In the first case, $\mathcal{C}[\![H \leftarrow B]\!]\, d\, A = \bot_{Ps}$, otherwise, assuming $x = [\Theta, V]$, we have

$$\mathcal{C}[\![H \leftarrow B]\!]\, d\, A\, x = \mathbb{U}^{\leftarrow}_{Ps}([\Delta'', \mathrm{vars}(H) \cup \mathrm{vars}(B)], x, H, A) = \pi_{Ps}\big(\mathrm{match}_{Ps}(\rho([\Delta'', \mathrm{vars}(H) \cup \mathrm{vars}(B)]), \mathrm{unif}_{Ps}([\Theta,V], \mathrm{mgu}(\rho(H) = A))), V \cup \mathrm{vars}(A)\big)\ .$$

For the same reason explained above, and since we can ignore the case in which $\rho(H)$ and A do not unify, we have that $\mathrm{unif}_{Ps}([\Theta,V], \mathrm{mgu}(\rho(H) = A)) = [\Theta', V \cup \mathrm{vars}(A)]$ and therefore

$$\pi_{Ps}(\mathrm{match}_{Ps}(\rho([\Delta'', \mathrm{vars}(H) \cup \mathrm{vars}(B)]), [\Theta', V \cup \mathrm{vars}(A)]), V \cup \mathrm{vars}(A)) = [\Theta'', V \cup \mathrm{vars}(A)]\ ,$$

which is what we wanted to prove.

The fourth point follows by the fact that, given the proof of the third point, $\mathcal{C}[\![cl]\!]\, d$ is relevant for each clause cl, and that least upper bounds of relevant denotations are easily seen to be relevant. □

A.2 Unused variables 


Definition A.3 

Given $[\phi]_V \in \mathit{ISubst}_\sim$ and $x \in V$, we say that x is unused in $[\phi]_V$ when $[\phi]_V = \mathrm{mgu}(\pi_{V \setminus \{x\}}([\phi]_V), [\varepsilon]_{\{x\}})$.

First of all, note that this definition does not depend on the choice of representatives. If a variable x is unused in $[\phi]_V$, it means that $[\phi]_V$ does not constrain in any way its value. In other words, x is free and independent from all the other variables in V. This is made clear by the following characterization:

Proposition A.4

The variable $x \in V$ is unused in $[\phi]_V$ iff it is free and independent in $[\phi]_V$.

Proof

If x is free and independent in $[\phi]_V$, we may assume without loss of generality that $x \notin \mathrm{vars}(\phi)$. Let $V' = V \setminus \{x\}$. We have that

$$\mathrm{mgu}(\pi_{V'}([\phi]_V), [\varepsilon]_{\{x\}}) = \mathrm{mgu}([\phi]_{V'}, [\varepsilon]_{\{x\}}) = [\phi|_{V'}]_V = [\phi]_V\ ,$$

which proves that x is unused. On the other hand, assume $\phi$ is a canonical representative and $\mathrm{mgu}([\phi]_{V'}, [\varepsilon]_{\{x\}}) = [\phi]_V$. Then $\phi|_{V'} \sim_V \phi$. It is obvious that x is free and independent in $[\phi|_{V'}]_V = [\phi]_V$ since $x \notin \mathrm{dom}(\phi|_{V'})$ and $x \notin \mathrm{rng}(\phi)$. □

A.3 $\mathit{ISubst}_\sim$ and composition

The operations described in Section 3 are those required to provide a collecting semantics for logic programs over the domain $\mathit{ISubst}_\sim$. Note that we do not define any notion of composition, although it plays a central role with the standard substitutions. Actually, composition cannot be defined in our framework since, given any element of $\mathit{ISubst}_\sim$, variables not of interest are considered up to renaming only, and therefore cannot be named. Nonetheless, in order to prove the equivalence between the standard semantics based on SLD-resolution and our collecting semantics, we will need to relate the composition of substitutions with unification in $\mathit{ISubst}_\sim$.

Lemma A.5 

(Composition Lemma) Let $\sigma_1, \sigma_2, \sigma_3 \in \mathit{Subst}$, $U, V \in \wp_f(\mathcal{V})$. Then it holds that:

$$\mathrm{mgu}([\sigma_3 \circ \sigma_2]_U, [\sigma_2 \circ \sigma_1]_V) = [\sigma_3 \circ \sigma_2 \circ \sigma_1]_{U \cup V}$$

provided that:

• $\mathrm{dom}(\sigma_1) \cap U = \emptyset$;

• if $y \in \sigma_2(\sigma_1(V)) \setminus \sigma_2(\sigma_1(U \cap V))$ then $y \notin \mathrm{dom}(\sigma_3) \cup \sigma_3(\sigma_2(U))$.

Proof 

Let $\theta \in [\sigma_3 \circ \sigma_2]_U$, $\eta \in [\sigma_2 \circ \sigma_1]_V$ be canonical representatives such that $(\mathrm{vars}(\theta) \cup U) \cap (\mathrm{vars}(\eta) \cup V) \subseteq U \cap V$. By definition, there exist $\rho, \rho' \in \mathit{Ren}$ such that $\theta = (\rho' \circ \sigma_3 \circ \sigma_2)|_U$ and $\eta = (\rho \circ \sigma_2 \circ \sigma_1)|_V$.

Then $\mathrm{mgu}([\sigma_3 \circ \sigma_2]_U, [\sigma_2 \circ \sigma_1]_V) = [\mathrm{mgu}(\theta, \eta)]_{U \cup V}$. It holds that $\mathrm{mgu}(\theta, \eta) = \mathrm{mgu}(\eta(\mathrm{Eq}(\theta))) \circ \eta$. It follows that $\eta(\mathrm{Eq}(\theta)) = \{\eta(x) = \eta(\theta(x)) \mid x \in U\} = \{\eta(x) = \theta(x) \mid x \in U\}$ since $\theta$ is a canonical representative. If $x \in U \cap V$, then $\eta(x) = \theta(x)$ becomes $\rho \circ \sigma_2 \circ \sigma_1(x) = \rho' \circ \sigma_3 \circ \sigma_2(x)$ which is $\rho \circ \sigma_2(x) = \rho' \circ \sigma_3 \circ \sigma_2(x)$ since $\mathrm{dom}(\sigma_1) \cap U = \emptyset$ by hypothesis. Thus $\{\eta(x) = \theta(x) \mid x \in U \cap V\}$ and $\{\rho(y) = \rho' \circ \sigma_3(y) \mid y \in \sigma_2(U \cap V)\}$ have the same set of solutions. If $x \in U \setminus V$ then $\{\eta(x) = \theta(x) \mid x \in U \setminus V\} = \{x = \theta(x) \mid x \in U \setminus V\}$.

Now $\delta = \{\rho(y)/\rho' \circ \sigma_3(y) \mid y \in \sigma_2(U \cap V)\} \cup \{x/\theta(x) \mid x \in U \setminus V\}$ is an idempotent substitution. Actually, all the $\rho(y)$'s are distinct variables and different from $U \setminus V$, therefore $\delta$ is a substitution. Moreover, $\mathrm{dom}(\delta) \subseteq \mathrm{vars}(\rho(V)) \cup (U \setminus V)$ is disjoint from $\mathrm{rng}(\delta) = \mathrm{vars}(\theta(U))$.

Let $\rho''$ be the substitution

$$\rho''(x) = \begin{cases} \rho'(x) & \text{if } x \in \sigma_3(\sigma_2(U)) \\ \rho(x) & \text{if } x \in \sigma_2(\sigma_1(V)) \setminus \sigma_2(\sigma_1(U \cap V)) \\ x & \text{otherwise} \end{cases}$$

Note that, thanks to the second hypothesis of the lemma, we are sure that the first and second case in the definition of $\rho''$ may not occur together. We want to prove that $\delta(\eta(x)) = \rho''(\sigma_3(\sigma_2(\sigma_1(x))))$ for each $x \in U \cup V$. Since $\rho''$ restricted to $\mathrm{vars}(\sigma_3(\sigma_2(\sigma_1(U \cup V))))$ is an injective map from variables to variables, by Lemma 3.4 this implies $\delta \circ \eta \sim_{U \cup V} \sigma_3 \circ \sigma_2 \circ \sigma_1$, which is the statement of the theorem.

Thus if $x \in U \setminus V$ then $\eta(x) = x$ and $\delta(\eta(x)) = \theta(x) = \rho'(\sigma_3(\sigma_2(x))) = \rho''(\sigma_3(\sigma_2(x))) = \rho''(\sigma_3(\sigma_2(\sigma_1(x))))$ since $\mathrm{dom}(\sigma_1) \cap U = \emptyset$ and by definition of $\rho''$.

If $x \in U \cap V$ then $\delta(\eta(x)) = \delta(\rho(\sigma_2(x)))$ since $\mathrm{dom}(\sigma_1) \cap U = \emptyset$ and thus $\delta(\eta(x)) = \rho'(\sigma_3(\sigma_2(x)))$, which is equal to $\rho''(\sigma_3(\sigma_2(\sigma_1(x))))$ since $\mathrm{dom}(\sigma_1) \cap U = \emptyset$ and by definition of $\rho''$.

If $x \in V \setminus U$ then $\delta(\eta(x)) = \delta(\rho(\sigma_2(\sigma_1(x))))$. Let $y \in \mathrm{vars}(\sigma_2(\sigma_1(x)))$. If we assume that $y \in \mathrm{vars}(\sigma_2(U \cap V))$, then $\delta(\rho(y)) = \rho'(\sigma_3(y)) = \rho''(\sigma_3(y))$ by definition of $\delta$ and $\rho''$. If $y \notin \mathrm{vars}(\sigma_2(U \cap V))$ then $\delta(\rho(y)) = \rho(y) = \rho''(y) = \rho''(\sigma_3(y))$ by definition of $\rho''$ and the second condition in the theorem. In both cases we obtain $\delta(\rho(y)) = \rho''(\sigma_3(y))$ for each $y \in \mathrm{vars}(\sigma_2(\sigma_1(x)))$. Therefore, for each $x \in V \setminus U$, $\delta(\eta(x)) = \delta(\rho(\sigma_2(\sigma_1(x)))) = \rho''(\sigma_3(\sigma_2(\sigma_1(x))))$ and this concludes the proof. □

A.4 Proof of Correctness 

Let $D_P$ be defined as $\lambda d.\ \bigsqcup\{\mathcal{C}[\![cl]\!]\, d \mid cl \in P\}$ and let $D^i_P$ be the i-th iteration of $D_P$ with $D^0_P = \lambda A.\lambda x.\bot_{Ps}$. Note that $\bigsqcup_i D^i_P = \mathcal{P}[\![P]\!]$ and $D^i_P$ is relevant for each i.

Lemma A.6

(Correctness Lemma) Let $i \in \mathbb{N}$, $[\phi]_V \in \mathit{ISubst}_\sim$, $G \in \mathit{Bodies}$ and $P \in \mathit{Progs}$. If $[\phi]_{V \cup \mathrm{vars}(G)} = \mathrm{mgu}([\phi]_V, [\varepsilon]_{\mathrm{vars}(G)})$ and $G\phi \xrightarrow{\sigma}{}^{\le i} \square$ is a leftmost SLD-refutation, with at most i steps, where all clauses are renamed apart from V, G, $\phi$ and the program P, then

$$\mathcal{B}[\![G]\!]\, D^i_P\, [\{[\phi]\}, V] \sqsupseteq_{Ps} [\{[\sigma \circ \phi]\}, V \cup \mathrm{vars}(G)]\ .$$

Remark A.7

The condition $[\phi]_{V \cup \mathrm{vars}(G)} = \mathrm{mgu}([\phi]_V, [\varepsilon]_{\mathrm{vars}(G)})$ is used to check that the chosen representative $\phi$ does not bind any variable in $\mathrm{vars}(G) \setminus V$. All the variables in $\mathrm{vars}(G) \setminus V$ are forced to be unused, according to Definition A.3.

Remark A.8

The theorem probably holds under weaker conditions on the variables of the SLD-resolution. However, proving the result in this case would be more difficult. Since the obtained generalization is not very interesting, we judged that it was not worth the effort.

Proof

The proof is by double induction on $i$ and on the structure of the goal $G$. Assume fixed $\Phi = \{[\phi]_V\}$ such that $[\phi]_{V \cup G} = \mathrm{mgu}([\phi]_V, [\epsilon]_G)$.

We start with the case $i = 0$. The only SLD-refutation of length 0 is the SLD-derivation for the empty goal $\Box$, whose computed answer substitution is $\epsilon$. In the collecting semantics, we have $\mathcal{B}[\![\Box]\!] D_P^0 [\{[\phi]\}, V] = [\{[\phi]\}, V] = [\{[\epsilon \circ \phi]\}, V]$, which is the required result.

If $i > 0$, assume the lemma holds for all $j < i$ and we prove it for $i$, by induction on the structure of goals. The case for the empty goal has already been examined, so we assume $G = A, G'$ where $A$ is an atom. To ease the exposition, we first consider the atomic case where $G' = \Box$ and then we analyze the general one.

Atomic goal. Given the non-empty SLD-derivation $G\phi \to_{\sigma} \Box$, we may decompose it as

$G\phi \to_{\sigma_1} (C_1 \ldots C_n)\rho\sigma_1 \to_{\sigma_2} \Box$
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where $cl = H \leftarrow C_1 \ldots C_n$ is a program clause, $\sigma_1 = \mathrm{mgu}(G\phi, H\rho)$ and $\rho$ is a renaming of $cl$ apart from $G$, $V$, $\phi$ and the program $P$. Note that this implies the standard renaming condition for SLD-resolutions, i.e., that $\rho(cl)$ is renamed apart from $G\phi$. Since $G$ is atomic, then

BlGlD^pi^, F] = D^pG[^, y] ClH^Ci... CnWf^G[^, F] , 

which, in turn, is equal to V],G, H)), [$, V],H, G). 

We know that

$\mathcal{U}_{PS}([\{[\phi]\}, V], G, H) = \pi_{PS}(\mathrm{mgu}(\rho'([\phi]_V), [\mathrm{mgu}(\rho'(G) = H)]_{\rho'(G) \cup H}), \mathrm{vars}(H))$

where $\rho'$ is any renaming such that $\rho'(\mathrm{vars}(G) \cup V) \cap \mathrm{vars}(H) = \emptyset$. We can choose as $\rho'$ the renaming $\rho^{-1}$ since $\rho(\mathrm{vars}(cl)) \cap \mathrm{vars}(G) = \emptyset$ and $\rho(\mathrm{vars}(cl)) \cap V = \emptyset$ implies that $\rho^{-1}(\mathrm{vars}(G) \cup V) \cap \mathrm{vars}(H) = \emptyset$. In turn, this implies that

$\mathrm{mgu}(\rho'([\phi]_V), [\mathrm{mgu}(\rho'(G) = H)]_{\rho'(G) \cup H})$

$= \rho^{-1}(\mathrm{mgu}([\phi]_V, [\mathrm{mgu}(G = \rho(H))]_{G \cup \rho(H)}))$

$= \rho^{-1}(\mathrm{mgu}([\phi]_V, [\mathrm{mgu}(G = \rho(H))]_{G \cup \rho(H)}, [\epsilon]_G))$

$= \rho^{-1}(\mathrm{mgu}([\phi]_{V \cup G}, [\mathrm{mgu}(G = \rho(H))]_{G \cup \rho(H)}))$

$= \rho^{-1}([\mathrm{mgu}(\phi, \mathrm{mgu}(G = \rho(H)))]_{V \cup G \cup \rho(H)})$.

The last step is only valid when $(V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\phi)) \cap (\mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))) \subseteq (V \cup \mathrm{vars}(G)) \cap (\mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))) = \mathrm{vars}(G)$. This is the case since $\mathrm{vars}(\phi) \cap \rho(\mathrm{vars}(cl)) = \emptyset$, thanks to our choice of $\rho$.

By standard properties of substitutions, we obtain:

$\rho^{-1}([\mathrm{mgu}(\phi, \mathrm{mgu}(G = \rho(H)))]_{V \cup G \cup \rho(H)})$

$= \rho^{-1}([\mathrm{mgu}(G\phi = \rho(H)\phi) \circ \phi]_{V \cup G \cup \rho(H)})$

$= \rho^{-1}([\mathrm{mgu}(G\phi = \rho(H)) \circ \phi]_{V \cup G \cup \rho(H)})$

$= \rho^{-1}([\sigma_1 \circ \phi]_{V \cup G \cup \rho(H)})$

since $\mathrm{vars}(\phi) \cap \mathrm{vars}(\rho(H)) = \emptyset$. For the same reason, $\sigma_1 \circ \phi \sim_{\mathrm{vars}(\rho(H))} \sigma_1$. It follows that

$\rho^{-1}(\sigma_1 \circ \phi) \sim_{\mathrm{vars}(H)} \rho^{-1}(\sigma_1) = \rho^{-1} \circ \sigma_1 \circ \rho \sim_{\mathrm{vars}(H)} \sigma_1 \circ \rho$.

Therefore $\mathcal{U}_{PS}([\{[\phi]\}, V], G, H) = [\{[\sigma_1 \circ \rho]\}, \mathrm{vars}(H)]$ and

$\mathcal{U}_{PS}(\mathcal{B}[\![C_1 \ldots C_n]\!] D_P^{i-1}(\mathcal{U}_{PS}([\Phi, V], G, H)), [\Phi, V], H, G) \sqsupseteq_{PS} \mathcal{U}_{PS}(\mathcal{B}[\![C_1 \ldots C_n]\!] D_P^{i-1}[\{[\sigma_1 \circ \rho]\}, \mathrm{vars}(H)], [\Phi, V], H, G)$.

Note that the SLD resolution $(C_1 \ldots C_n)\rho\sigma_1 \to_{\sigma_2} \Box$ can be seen as $(C_1 \ldots C_n)(\sigma_1 \circ \rho) \to_{\sigma_2} \Box$. In order to apply the inductive hypothesis on the latter derivation, we need to verify that $[\sigma_1 \circ \rho]_{\mathrm{vars}(cl)} = \mathrm{mgu}([\sigma_1 \circ \rho]_{\mathrm{vars}(H)}, [\epsilon]_{\mathrm{vars}(C_1 \ldots C_n)})$. By definition $\sigma_1 \circ \rho = \mathrm{mgu}(G\phi, H\rho) \circ \rho$. Moreover, since $\rho(\mathrm{vars}(cl)) \cap \mathrm{vars}(G\phi) = \emptyset$ and $\rho(\mathrm{vars}(cl)) \cap \mathrm{vars}(H\rho) = \mathrm{vars}(H\rho)$, it follows that for all $v \in \rho(\mathrm{vars}(cl) \setminus \mathrm{vars}(H))$, $v \notin \mathrm{vars}(\sigma_1)$. Hence, for each $v \in \mathrm{vars}(cl) \setminus \mathrm{vars}(H)$, $\sigma_1(\rho(v)) = \rho(v)$. Moreover, if
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$\rho(v)$ occurs in $(\sigma_1 \circ \rho)(x)$ for some $x$, then $\rho(v)$ occurs in $\rho(x)$ and this is only possible if $x = v$. By Prop. A.4 this proves that $\mathrm{mgu}([\sigma_1 \circ \rho]_{\mathrm{vars}(H)}, [\epsilon]_{\mathrm{vars}(C_1 \ldots C_n)}) = [\sigma_1 \circ \rho]_{\mathrm{vars}(cl)}$. Thus, by inductive hypothesis, we have that:

$\mathcal{U}_{PS}(\mathcal{B}[\![C_1 \ldots C_n]\!] D_P^{i-1}[\{[\sigma_1 \circ \rho]\}, \mathrm{vars}(H)], [\Phi, V], H, G) \sqsupseteq_{PS} \mathcal{U}_{PS}([\{[\sigma_2 \circ \sigma_1 \circ \rho]\}, \mathrm{vars}(cl)], [\Phi, V], H, G)$.

We know that $\mathrm{unif}_{PS}([\{[\phi]\}, V], \mathrm{mgu}(\rho(H) = G)) = [\{[\sigma_1 \circ \phi]\}, V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))]$. Therefore, choosing $\rho$ as the renaming for $\mathcal{U}_{PS}$, we obtain

$\mathrm{match}_{PS}(\rho([\{[\sigma_2 \circ \sigma_1 \circ \rho]\}, \mathrm{vars}(cl)]), [\{[\sigma_1 \circ \phi]\}, V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))])$

$= \mathrm{match}_{PS}([\{[\rho \circ \sigma_2 \circ \sigma_1]\}, \mathrm{vars}(\rho(cl))], [\{[\sigma_1 \circ \phi]\}, V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))])$

$= \mathrm{match}_{PS}([\{[\sigma_2 \circ \sigma_1]\}, \mathrm{vars}(\rho(cl))], [\{[\sigma_1 \circ \phi]\}, V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))])$.

Since $\mathrm{vars}(\rho(cl)) \cap (V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))) = \mathrm{vars}(\rho(H))$ and $\sigma_2 \circ \sigma_1 \sim_{\mathrm{vars}(\rho(H))} \sigma_1 \circ \phi$ (being $\mathrm{vars}(\phi) \cap \mathrm{vars}(\rho(H)) = \emptyset$), it holds:

$\mathrm{match}_{PS}([\{[\sigma_2 \circ \sigma_1]\}, \mathrm{vars}(\rho(cl))], [\{[\sigma_1 \circ \phi]\}, V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))]) = [\mathrm{mgu}([\sigma_2 \circ \sigma_1]_{\rho(cl)}, [\sigma_1 \circ \phi]_{V \cup G \cup \rho(H)}), V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))]$

We would like to apply the Composition Lemma (Lemma A.5) to this unification. We need to check that:

• $\mathrm{dom}(\phi) \cap \rho(cl) = \emptyset$;

• if $y \in \sigma_1\phi(V \cup \mathrm{vars}(G) \cup \rho(H)) \setminus \sigma_1\phi(\rho(H))$ then $y \notin \mathrm{dom}(\sigma_2) \cup \sigma_2\sigma_1(\rho(cl))$.

The first property trivially follows by the hypothesis that $\rho$ renames $cl$ apart from $\phi$. For the second condition, note that, since $\sigma_1 = \mathrm{mgu}(G\phi, H\rho)$, if $y \in \sigma_1(\phi(G))$ then $y \in \sigma_1(\rho(H)) = \sigma_1(\phi(\rho(H)))$. Therefore $y \in \sigma_1(\phi(V \cup \mathrm{vars}(G))) \setminus \sigma_1(\phi(\rho(H)))$ iff $y \in \sigma_1(\phi(V \setminus G)) = \phi(V \setminus G)$. However, since such a variable does not appear in the initial goal of the SLD-resolution $G\phi$ and since the resolution is renamed apart from $\phi$, it happens that it does not appear in $\mathrm{vars}(\sigma_2)$, and thus in $\mathrm{dom}(\sigma_2)$. We now show that $y \notin \sigma_2(\sigma_1(\rho(cl)))$. By hypothesis, $y \notin \sigma_1(\phi(\rho(cl)))$, and since $\rho(cl)$ is renamed apart from $\phi$, it follows that $y \notin \sigma_1(\rho(cl))$. Moreover, as we have seen before, $y \notin \mathrm{vars}(\sigma_2)$, hence $y \notin \mathrm{vars}(\sigma_2(\sigma_1(\rho(cl))))$.

It turns out that we may apply the Composition Lemma (Lemma A.5) and we obtain

$[\mathrm{mgu}([\sigma_2 \circ \sigma_1]_{\rho(cl)}, [\sigma_1 \circ \phi]_{V \cup G \cup \rho(H)}), V \cup \mathrm{vars}(G) \cup \mathrm{vars}(\rho(H))] = [\{\sigma_2 \circ \sigma_1 \circ \phi\}, \rho(cl) \cup V \cup G]$.

By projecting on $V \cup G$ we obtain

$\mathcal{B}[\![G]\!] D_P^i [\Phi, V] \sqsupseteq_{PS} [\{\sigma_2 \circ \sigma_1 \circ \phi\}, V \cup \mathrm{vars}(G)]$,

which concludes the proof of the atomic case.

Non-atomic goal. In this case, decompose the (leftmost) SLD-resolution for G = 
A, G' in the following way: 
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where both the sub-derivations have length strictly less than $i$. Note that, since the complete derivation is renamed apart from $V$, $G$, $\phi$ and the program $P$, the same holds for the first sub-derivation. Moreover, since $[\phi]_{V \cup G} = \mathrm{mgu}([\phi]_V, [\epsilon]_G)$, each $u \in A$ is free and independent in $[\phi]_{V \cup G}$, i.e., $[\phi]_{V \cup A} = \mathrm{mgu}([\phi]_V, [\epsilon]_A)$. Therefore, we may apply what was proved in the atomic case above, obtaining

$D_P^i A[\Phi, V] \sqsupseteq_{PS} [\{\sigma_1 \circ \phi\}, V \cup \mathrm{vars}(A)]$.

The second sub-derivation in (A3) is renamed apart from

• $V$, since the complete derivation is renamed apart from $V$;

• $A$ and $G'$, since the complete derivation is renamed apart from $G$;

• $\sigma_1 \circ \phi$, since the complete derivation is renamed apart from $\phi$ and the second part is renamed apart from $\sigma_1$;

• $P$, since the complete derivation is renamed apart from $P$.

Moreover, assume $x \in \mathrm{vars}(G') \setminus \mathrm{vars}(V \cup A)$ and $x \neq y \in \mathrm{vars}(V \cup G)$. By hypothesis, $[\phi]_{V \cup G} = \mathrm{mgu}([\phi]_V, [\epsilon]_G)$, which implies that $\phi(x) \in \mathcal{V}$ and $\phi(x) \notin \mathrm{vars}(\phi(y))$. Since $\mathrm{vars}(\sigma_1) = W \cup X$ where $W$ is a fresh set of variables disjoint from $V \cup G$ and $\phi$, and $X \subseteq \mathrm{vars}(A\phi)$, it happens that $\phi(x) \notin \mathrm{vars}(\sigma_1)$. Therefore $\sigma_1(\phi(x)) = \phi(x)$ and $\phi(x) \notin \mathrm{vars}(\sigma_1(\phi(y)))$. This implies that $[\sigma_1 \circ \phi]_{V \cup G} = \mathrm{mgu}([\sigma_1 \circ \phi]_{V \cup A}, [\epsilon]_{G'})$ by Prop. A.4. This means that we may apply the inductive hypothesis on the second sub-derivation, obtaining:

$\mathcal{B}[\![G']\!] D_P^i [\{\sigma_1 \circ \phi\}, V \cup \mathrm{vars}(A)] \sqsupseteq_{PS} [\{\sigma_2 \circ \sigma_1 \circ \phi\}, V \cup \mathrm{vars}(G)]$.

Since $\mathcal{B}[\![A, G']\!] D_P^i [\Phi, V] = \mathcal{B}[\![G']\!] D_P^i (D_P^i A[\Phi, V])$, by the above inequalities and monotonicity of $\mathcal{B}$ we obtain

$\mathcal{B}[\![A, G']\!] D_P^i [\Phi, V] \sqsupseteq_{PS} [\{\sigma_2 \circ \sigma_1 \circ \phi\}, V \cup \mathrm{vars}(G)]$,

which concludes the proof. □

Now we may use standard properties of SLD-resolution together with Lemma A.6 to prove the required correctness theorem.

Theorem A.9

(Semantic Correctness) Given a program $P$ and a goal $G$, if $\theta$ is a computed answer for the goal $G$, then

$\mathcal{B}[\![G]\!](\mathcal{P}[\![P]\!])[\{\epsilon\}, \mathrm{vars}(G)] \sqsupseteq_{PS} [\{[\theta]\}, \mathrm{vars}(G)]$.


Proof

If $\theta$ is a computed answer for a goal $G$, and $\rho$ is a renaming, then $\theta' = (\rho \circ \theta)|_{\mathrm{vars}(G)}$ is a computed answer too (Apt 1990) and $\theta \sim_{\mathrm{vars}(G)} \theta'$. Consider any such $\theta'$ with the property that $\mathrm{vars}(\theta') \cap \mathrm{vars}(P) = \emptyset$ and let $G \to_{\theta'} \Box$ be a leftmost SLD-resolution for $\theta'$. Since there exists a leftmost SLD-resolution $G \to_{\theta'} \Box$ which is renamed apart from $P$, then, by Lemma A.6, the thesis follows. □


B Correctness of Forward Unification 
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Lemma B.1

Given $\delta, \sigma \in \mathit{Subst}$, $v \in \mathcal{V}$, it is the case that $\mathrm{occ}(\delta \circ \sigma, v) = \mathrm{occ}(\sigma, \mathrm{occ}(\delta, v))$.

Proof

By definition, $x \in \mathrm{occ}(\delta \circ \sigma, v)$ iff $v \in \delta(\sigma(x))$, i.e., there exists $w \in \mathcal{V}$ such that $w \in \sigma(x)$ and $v \in \delta(w)$. In other words, $x \in \mathrm{occ}(\delta \circ \sigma, v)$ iff there exists $w \in \mathcal{V}$ s.t. $w \in \mathrm{occ}(\delta, v)$ and $x \in \mathrm{occ}(\sigma, w)$ iff $x \in \mathrm{occ}(\sigma, \mathrm{occ}(\delta, v))$. □

Proposition B.2

Let $t \in \mathit{Terms}$, $\sigma \in \mathit{Subst}$ and $U \in \wp_f(\mathcal{V})$ such that $\mathrm{vars}(t) \subseteq U$. Let $\alpha_{\mathrm{sh}}([\sigma]_U) \sqsubseteq_{\mathrm{sh}} [S, U]$. Then the following property holds:

$\forall v \in \mathcal{V}.\ v \in \mathrm{vars}(t\sigma) \implies \mathrm{occ}(\sigma, v) \cap U \in \mathrm{rel}(S, t)$.

Proof

Note that $v \in \mathrm{vars}(t\sigma)$ iff $\exists u \in t$ such that $v \in \sigma(u)$. In turn, this holds iff $\exists u \in t$ s.t. $u \in \mathrm{occ}(\sigma, v)$ iff $\mathrm{occ}(\sigma, v) \cap \mathrm{vars}(t) \neq \emptyset$ iff $(\mathrm{occ}(\sigma, v) \cap U) \cap \mathrm{vars}(t) \neq \emptyset$. Note that $X = \mathrm{occ}(\sigma, v) \cap U \in S$ and therefore $X \cap \mathrm{vars}(t) \neq \emptyset$ iff $X \in \mathrm{rel}(S, t)$ by definition of $\mathrm{rel}$. □

Proposition B.3

Let $[\sigma]_U \in \mathit{ISubst}_\sim$, $\{x/t\} \in \mathit{ISubst}$ such that $\mathrm{vars}(\{x/t\}) \subseteq U$ and $\sigma$ and $\{x/t\}$ unify. If $\alpha_{\mathrm{sh}}([\sigma]_U) \sqsubseteq_{\mathrm{sh}} [S, U]$ and $\delta = \mathrm{mgu}(x\sigma = t\sigma)$, we obtain:

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_U, [x/t]_U)) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\}, U]$.

Proof

Since $\mathrm{vars}(\{x/t\}) \subseteq U$, we have $\mathrm{mgu}([\sigma]_U, [x/t]_U) = [\mathrm{mgu}(\sigma, \{x/t\})]_U$. Then, by definition of $\delta$, it holds that $\mathrm{mgu}(\sigma, x = t) = \mathrm{mgu}(\mathrm{Eq}(\sigma) \cup \{x\sigma = t\sigma\}) = \mathrm{mgu}(x\sigma = t\sigma) \circ \sigma = \delta \circ \sigma$ (Palamidessi 1990, Prop. 6.1). Therefore, we only need to show that:

$\alpha_{\mathrm{sh}}([\delta \circ \sigma]_U) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\}, U]$. (B1)

By definition of $\alpha_{\mathrm{sh}}$, we have to show that, for all $v \in \mathcal{V}$, $\mathrm{occ}(\delta \circ \sigma, v) \cap U \in (S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\}$. Let $v \in \mathcal{V}$. We have the following cases:

• $v \in \mathrm{vars}(x\sigma = t\sigma)$: by Lemma B.1, $\{\mathrm{occ}(\delta \circ \sigma, v) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\} = \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\}$.

• $v \notin \mathrm{vars}(x\sigma = t\sigma)$: thus $v \notin \mathrm{vars}(\delta)$ and $\mathrm{occ}(\delta \circ \sigma, v) = \mathrm{occ}(\sigma, v)$. We know that $\mathrm{occ}(\sigma, v) \cap U \in S$, by definition of $S$. Moreover, we show that $\mathrm{occ}(\sigma, v) \cap U \notin \mathrm{rel}(S, x) \cup \mathrm{rel}(S, t)$. Since $v \notin \mathrm{vars}(x\sigma = t\sigma)$, we can apply Prop. B.2 twice to the terms $x$ and $t$, and obtain $\mathrm{occ}(\sigma, v) \cap U \notin \mathrm{rel}(S, x) \cup \mathrm{rel}(S, t)$.

By collecting the results of the two cases, Equation (B1) is proved. □
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Proposition B.4

Let $[\sigma]_U \in \mathit{ISubst}_\sim$, $\{x/t\} \in \mathit{ISubst}$ such that $\mathrm{vars}(\{x/t\}) \subseteq U$ and $\sigma$ and $\{x/t\}$ unify. If $\alpha_{\mathrm{sh}}([\sigma]_U) \sqsubseteq_{\mathrm{sh}} [S, U]$ and $x$ is free and independent from $U$ in $[\sigma]_U$, then:

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_U, [x/t]_U)) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, t)), U]$.


Proof

First of all note that, without loss of generality, we may assume $x \notin \mathrm{vars}(\sigma)$. Then, by Prop. B.3 we have that:

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_U, [x/t]_U)) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\}, U]$,

where $\delta = \mathrm{mgu}(x\sigma = t\sigma)$. Since $x \notin \mathrm{vars}(\sigma)$, we have that $x\sigma = t\sigma$ is equal to $x = t\sigma$. Moreover, $x \notin \mathrm{vars}(t\sigma)$ since $x \notin \mathrm{vars}(t)$ and $x \notin \mathrm{vars}(\sigma)$ by hypothesis. Thus $\delta = \mathrm{mgu}(x = t\sigma) = \{x/t\sigma\}$. It follows that $\mathrm{vars}(x\sigma = t\sigma) = \{x\} \cup \mathrm{vars}(t\sigma)$. Therefore, the following equalities hold:

$\{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\}$

$= \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \{x\} \cup \mathrm{vars}(t\sigma)\}$

$= \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(t\sigma)\}$ [since $x \in \mathrm{dom}(\delta)$, $\mathrm{occ}(\delta, x) = \emptyset$]

$= \{\mathrm{occ}(\sigma, \{x, v\}) \cap U \mid v \in \mathrm{vars}(t\sigma)\}$ [since $\delta = \{x/t\sigma\}$]

$= \{(\mathrm{occ}(\sigma, x) \cup \mathrm{occ}(\sigma, v)) \cap U \mid v \in \mathrm{vars}(t\sigma)\}$

$= \{(\{x\} \cup \mathrm{occ}(\sigma, v)) \cap U \mid v \in \mathrm{vars}(t\sigma)\}$ [since $x \notin \mathrm{vars}(\sigma)$]

Moreover, for each $v \in \mathrm{vars}(t\sigma)$, by Prop. B.2 it holds that $\mathrm{occ}(\sigma, v) \cap U \in \mathrm{rel}(S, t)$. Therefore, $\{(\{x\} \cup \mathrm{occ}(\sigma, v)) \cap U \mid v \in \mathrm{vars}(t\sigma)\} \subseteq \mathrm{bin}(\{\{x\}\}, \mathrm{rel}(S, t))$. Since $x \notin \mathrm{vars}(\sigma)$ and $x \in U$, it follows that $\mathrm{occ}(\sigma, x) = \{x\}$ and thus $\{x\} \in \mathrm{rel}(S, x)$ being $\alpha_{\mathrm{sh}}([\sigma]_U) \sqsubseteq_{\mathrm{sh}} [S, U]$. As a consequence $\mathrm{bin}(\{\{x\}\}, \mathrm{rel}(S, t)) \subseteq \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, t))$, from which it follows that $\alpha_{\mathrm{sh}}([\mathrm{mgu}(\mathrm{Eq}(\sigma) \cup \{x = t\})]_U) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, t)), U]$. □
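The operators used by Lemma B.1 and Props. B.2 to B.4 (occ, α_sh, rel, bin and the star closure) implemented in Python, as an added example that is not code from the paper: it computes the single-binding rule of Prop. B.4 beside the standard star-closed Jacobs-Langen rule and checks both against α_sh of the concrete mgu on a constructed substitution. The term encoding, the unifier, and the sample substitution and binding are assumptions of the example.

```python
"""Sharing-domain abstract unification for one binding x/t, checked against
the concrete mgu.  Added example: term encoding and sample data are assumptions."""

# Terms: a variable is a str, a compound term is a tuple (functor, arg, ...).
# A substitution is a dict mapping variables to terms.

def term_vars(t):
    """vars(t): the set of variables occurring in t."""
    if isinstance(t, str):
        return {t}
    return set().union(*(term_vars(a) for a in t[1:]))

def subst(s, t):
    """Apply s to t, resolving variable chains until a fixpoint."""
    if isinstance(t, str):
        return subst(s, s[t]) if t in s else t
    return (t[0],) + tuple(subst(s, a) for a in t[1:])

def compose(d, s):
    """d o s: apply s first, then d (the composition used in Lemma B.1)."""
    return {x: subst(d, subst(s, x)) for x in set(s) | set(d)}

def unify(eqs, s=None):
    """Robinson unification with occurs check, extending the idempotent
    substitution s.  Returns an idempotent mgu as a dict, or None."""
    s, eqs = dict(s or {}), list(eqs)
    while eqs:
        a, b = (subst(s, side) for side in eqs.pop())
        if a == b:
            continue
        if isinstance(b, str) and not isinstance(a, str):
            a, b = b, a
        if isinstance(a, str):
            if a in term_vars(b):
                return None                      # occurs check
            s[a] = b
        elif a[0] != b[0] or len(a) != len(b):
            return None                          # functor clash
        else:
            eqs.extend(zip(a[1:], b[1:]))
    return {v: subst(s, t) for v, t in s.items()}  # normalise to idempotent

def occ(s, v):
    """occ(s, v) = {x | v occurs in s(x)}."""
    universe = set(s) | set().union(*(term_vars(t) for t in s.values())) | {v}
    return {x for x in universe if v in term_vars(subst(s, x))}

def occ_set(s, W):
    """occ(s, W): union of occ(s, w) for w in W."""
    return set().union(*(occ(s, w) for w in W))

def alpha_sh(s, U):
    """alpha_sh([s]_U): the sharing groups occ(s, v) & U (the empty group,
    always present in the Sharing domain, is left out)."""
    universe = set(U) | set(s) | set().union(*(term_vars(t) for t in s.values()))
    return {frozenset(occ(s, v) & set(U)) for v in universe} - {frozenset()}

def rel(S, t):
    """rel(S, t): the groups of S sharing a variable with the term t."""
    return {B for B in S if B & term_vars(t)}

def bin_(S1, S2):
    """bin(S1, S2): pairwise unions of groups."""
    return {A | B for A in S1 for B in S2}

def star(S):
    """S*: closure of S under (non-empty) unions."""
    S = set(S)
    while True:
        new = bin_(S, S) - S
        if not new:
            return S
        S |= new

def amgu_standard(S, x, t):
    """Jacobs-Langen rule: star-closure on both sides of the binding."""
    rx, rt = rel(S, x), rel(S, t)
    return (S - (rx | rt)) | bin_(star(rx), star(rt))

def amgu_free(S, x, t):
    """Prop. B.4 rule, sound when x is free and independent from U in [s]_U:
    no star-closure is needed."""
    rx, rt = rel(S, x), rel(S, t)
    return (S - (rx | rt)) | bin_(rx, rt)

def is_sound(s, U, x, t, abstract):
    """alpha_sh(mgu([s]_U, [x/t]_U)) is below [abstract, U]: group inclusion."""
    mgu = unify([(x, t)], s)
    return mgu is not None and alpha_sh(mgu, U) <= abstract

# Constructed sample: U = {x, y, z, w}, sigma = {y/g(z, w)}, binding x/f(y).
U = {"x", "y", "z", "w"}
SIGMA = {"y": ("g", "z", "w")}           # x is free and independent from U
S = alpha_sh(SIGMA, U)                   # {{x}, {y, z}, {y, w}}
FREE = amgu_free(S, "x", ("f", "y"))     # {{x, y, z}, {x, y, w}}
STD = amgu_standard(S, "x", ("f", "y"))  # FREE plus the spurious {x, y, z, w}
```

Both results are sound for the sample, but only the star-closed rule keeps the group {x, y, z, w}, which no concrete unifier produces: this is the precision gain of Prop. B.4.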

Proposition B.5

Given $s, t \in \mathit{Terms}$ and $W, Y \in \wp_f(\mathcal{V})$ such that $s$ and $t$ unify, $\mathrm{vars}(s = t) \subseteq W$ and $Y \subseteq \mathrm{uvars}(s = t)$, then $\delta = \mathrm{mgu}(s = t)$ enjoys the following properties:

1. $\forall v \in \mathrm{vars}(s).\ \mathrm{occ}(\delta, v) \cap \mathrm{vars}(s) \neq \emptyset \implies \mathrm{occ}(\delta, v) \cap \mathrm{vars}(t) \neq \emptyset$,

2. $\forall v \in \mathrm{vars}(s).\ \mathrm{occ}(\delta, v) \cap \mathrm{vars}(s) \supseteq \{x_1, x_2\} \wedge x_1 \neq x_2 \implies \mathrm{occ}(\delta, v) \cap Z \neq \emptyset$,

where $Z = \mathrm{vars}(t) \setminus Y$.

Proof

We prove the two points separately.

1. If $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(s) \neq \emptyset$ then $v \notin \mathrm{dom}(\delta)$ and therefore $v \in \delta(s)$. Since $\delta$ is a unifier for $s$ and $t$, it should be $v \in \delta(t)$, and therefore there exists $y \in t$ such that $y \in \mathrm{occ}(\delta, v)$.
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2. First of all, note that, given two terms $s$ and $t$ in a given signature $\Sigma$, the result of $\mathrm{mgu}(s = t)$ does not change if we enlarge $\Sigma$ with a new constant symbol. Therefore, assume without loss of generality that there is a constant symbol $a$ in the signature. The proof proceeds by contradiction.

Assume that there exist $x_1, x_2 \in \mathrm{vars}(s)$, $v \in W$ such that $x_1, x_2 \in \mathrm{occ}(\delta, v)$ and $\mathrm{occ}(\delta, v) \cap Z = \emptyset$. Let $\sigma = \{x = a \mid x \in W\}$ and consider the substitution $\delta' = \{z/(\delta(z))\sigma \mid z \in Z\}$. Note that this is an idempotent substitution since it is ground. Now consider $\delta'' = \mathrm{mgu}(\mathrm{Eq}(\delta) \cup \mathrm{Eq}(\delta'))$, which clearly exists and, by definition of $\delta'$, is $\delta'' = \{x/a \mid x \in \mathrm{vars}(\delta(Z))\} \circ \delta$. Therefore, $\mathrm{occ}(\delta'', v) = \mathrm{occ}(\delta, v)$ because $v \notin \mathrm{vars}(\delta(Z))$ being $\mathrm{occ}(\delta, v) \cap Z = \emptyset$.

Moreover, $\delta'' = \mathrm{mgu}(\mathrm{Eq}(\delta) \cup \mathrm{Eq}(\delta')) = \mathrm{mgu}(\{s = t\} \cup \mathrm{Eq}(\delta')) = \mathrm{mgu}(s\delta' = t\delta') \circ \delta' = \delta' \circ \mathrm{mgu}(s\delta' = t\delta')$. By definition of $\delta'$, it holds that $\mathrm{vars}(t\delta') \cap Z = \emptyset$, and thus $\mathrm{vars}(t\delta') \subseteq Y$. From the definition of $Y$ it follows that $\mathrm{vars}(t\delta') \subseteq \mathrm{uvars}(s = t)$, and thus $\mathrm{vars}(t\delta') \subseteq \mathrm{uvars}(s\delta' = t\delta')$, since $\mathrm{rng}(\delta') = \emptyset$. Therefore the term $t\delta'$ is linear and independent from $s\delta'$ and $\mathrm{occ}(\mathrm{mgu}(s\delta' = t\delta'), v) = \mathrm{occ}(\mathrm{mgu}(s\delta' = t\delta') \circ \delta', v) = \mathrm{occ}(\delta, v)$.

If we apply the result for linear and independent terms, e.g., (King 2000, Prop. 3.1), we obtain an absurd, since it is not possible that both $x_1$ and $x_2$ are elements of $\mathrm{occ}(\mathrm{mgu}(s\delta' = t\delta'), v)$.

This concludes the proof. □


Proposition B.6

Let $[\sigma]_U \in \mathit{ISubst}_\sim$, $\{x/t\} \in \mathit{ISubst}$ such that $\mathrm{vars}(\{x/t\}) \subseteq U$ and $\sigma$ and $\{x/t\}$ unify. Given $Y \subseteq \mathrm{vars}(t)$ such that, for all $y \in Y$, $\mathrm{vars}(\sigma(y)) \subseteq \mathrm{uvars}(x\sigma = t\sigma)$, if $\alpha_{\mathrm{sh}}([\sigma]_U) \sqsubseteq_{\mathrm{sh}} [S, U]$ then

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_U, [x/t]_U)) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, t) \cup \mathrm{rel}(S, x))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, Y)^*) \cup \mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*) \cup \mathrm{bin}(\mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*), \mathrm{rel}(S, Y)^*), U]$,

where $Z = \mathrm{vars}(t) \setminus Y$.


Proof

By Prop. B.3 we have that

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_U, [x/t]_U)) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\}, U]$,

where $\delta = \mathrm{mgu}(x\sigma = t\sigma)$. We show that

$\{\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \mid v \in \mathrm{vars}(x\sigma = t\sigma)\} \subseteq \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, Y)^*) \cup \mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*) \cup \mathrm{bin}(\mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*), \mathrm{rel}(S, Y)^*) \cup \{\emptyset\}$,

from which the thesis follows. The following equalities hold, for all $v \in \mathrm{vars}(x\sigma = t\sigma)$:
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
$\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U$

$= \bigcup \{\mathrm{occ}(\sigma, w) \cap U \mid w \in \mathrm{occ}(\delta, v)\}$

$= \bigcup \{\mathrm{occ}(\sigma, w) \cap U \mid w \in \mathrm{occ}(\delta, v) \cap \mathrm{vars}(x\sigma)\} \cup \bigcup \{\mathrm{occ}(\sigma, w) \cap U \mid w \in \mathrm{occ}(\delta, v) \cap \mathrm{vars}(t\sigma)\}$

[by partitioning the variables in $\mathrm{occ}(\delta, v) \subseteq \mathrm{vars}(\delta) \cup \{v\}$]

By applying Prop. B.5(1) to the equation $x\sigma = t\sigma$ we get $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(x\sigma) \neq \emptyset$ iff $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(t\sigma) \neq \emptyset$. Since the case $\mathrm{occ}(\delta, v) = \emptyset$ is trivial, it only remains to consider the case $\mathrm{occ}(\delta, v) \neq \emptyset$, which implies $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(t\sigma) \neq \emptyset \neq \mathrm{occ}(\delta, v) \cap \mathrm{vars}(x\sigma)$. In the following, let $A = \bigcup \{\mathrm{occ}(\sigma, w) \cap U \mid w \in \mathrm{occ}(\delta, v) \cap \mathrm{vars}(x\sigma)\}$ and $B = \bigcup \{\mathrm{occ}(\sigma, w) \cap U \mid w \in \mathrm{occ}(\delta, v) \cap \mathrm{vars}(t\sigma)\}$. Note that, by Prop. B.2, $\mathrm{occ}(\sigma, w) \cap U \in \mathrm{rel}(S, \{x\})$ if $w \in \mathrm{vars}(x\sigma)$ and $x \in U$, which implies $A \in \mathrm{rel}(S, \{x\})^*$. For the same reason, $B \in \mathrm{rel}(S, \mathrm{vars}(t))^*$, i.e.,

$\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \in \mathrm{bin}(\mathrm{rel}(S, \{x\})^*, \mathrm{rel}(S, \mathrm{vars}(t))^*)$,

which is the standard result for abstract unification without considering freeness or linearity. We can do better if we proceed by cases on $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(t\sigma)$.

Case $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(t\sigma) \subseteq \mathrm{vars}(\sigma(Y))$. Let $Z' = \mathrm{vars}(t\sigma) \setminus \mathrm{vars}(\sigma(Y))$; it follows that $\mathrm{occ}(\delta, v) \cap Z' = \emptyset$. Therefore, by Prop. B.5(2) applied to the terms $x\sigma$ and $t\sigma$, there are no distinct $x_1, x_2 \in \mathrm{vars}(x\sigma)$ such that $x_1, x_2 \in \mathrm{occ}(\delta, v)$. Since $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(x\sigma) \neq \emptyset$, it follows that there exists $x' \in \mathrm{vars}(x\sigma)$ such that $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(x\sigma) = \{x'\}$. This implies that $A \in \mathrm{rel}(S, \{x\})$. Moreover, by Prop. B.2 applied to the set of variables $Y$, $B \in \mathrm{rel}(S, Y)^*$ and this proves

$\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \in \mathrm{bin}(\mathrm{rel}(S, \{x\}), \mathrm{rel}(S, Y)^*)$.

Otherwise. We are in the case that $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(t\sigma) \not\subseteq \mathrm{vars}(\sigma(Y))$, i.e., $\mathrm{occ}(\delta, v) \cap \mathrm{vars}(\sigma(Z)) \neq \emptyset$. Therefore, there exists $w \in \mathrm{occ}(\delta, v) \cap \mathrm{vars}(\sigma(Z))$ and using Prop. B.2 we have that $\mathrm{occ}(\sigma, w) \cap U \in \mathrm{rel}(S, Z)$. This implies that $B \in \{B_1 \cup \ldots \cup B_n \cup C_1 \cup \ldots \cup C_p \mid B_i \in \mathrm{rel}(S, Y), n \geq 0, C_i \in \mathrm{rel}(S, Z), p \geq 1\} = \mathrm{rel}(S, Z)^* \cup \mathrm{bin}(\mathrm{rel}(S, Y)^*, \mathrm{rel}(S, Z)^*)$. As a final result we have that:

$\mathrm{occ}(\sigma, \mathrm{occ}(\delta, v)) \cap U \in \mathrm{bin}(\mathrm{rel}(S, \{x\})^*, \mathrm{rel}(S, Z)^* \cup \mathrm{bin}(\mathrm{rel}(S, Y)^*, \mathrm{rel}(S, Z)^*)) = \mathrm{bin}(\mathrm{rel}(S, \{x\})^*, \mathrm{rel}(S, Z)^*) \cup \mathrm{bin}(\mathrm{bin}(\mathrm{rel}(S, \{x\})^*, \mathrm{rel}(S, Z)^*), \mathrm{rel}(S, Y)^*)$,

which proves the theorem. □

Lemma B.7

Let $[\sigma]_V \in \mathit{ISubst}_\sim$, $\theta \in \mathit{ISubst}$ such that $\mathrm{vars}(\theta) \subseteq V$ and $\sigma$ and $\theta$ unify. Assume given $U \subseteq V$ such that, for each $x \in U$,

1. $x$ is free in $[\sigma]_V$;

2. $x$ is independent from $\mathrm{vars}(\theta)$ in $[\sigma]_V$;

3. if $x \in \mathrm{dom}(\theta)$ then $x$ is independent in $[\sigma]_V$.

If $\alpha_{\mathrm{sh}}([\sigma]_V) \sqsubseteq_{\mathrm{sh}} [S, V]$ then $\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_V, [\theta]_V)) \sqsubseteq_{\mathrm{sh}} [\mathcal{U}_{\mathrm{sh}}(S, U, \theta), V]$.
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Proof

The proof is by induction on $|\mathrm{dom}(\theta)|$. Assume $|\mathrm{dom}(\theta)| = 0$, then $\theta = \epsilon$ and $\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_V, [\epsilon]_V)) = \alpha_{\mathrm{sh}}([\sigma]_V) \sqsubseteq_{\mathrm{sh}} [S, V] = [\mathcal{U}_{\mathrm{sh}}(S, U, \epsilon), V]$.

Now assume that it holds for $|\mathrm{dom}(\theta)| \leq n$ and we show it holds for $|\mathrm{dom}(\theta)| = n + 1$, too. Let $\theta$ be $\theta' \uplus \{x/t\}$. We distinguish two cases: either $x \in U$ or $x \notin U$.

1. ($x \in U$) By definition of $\mathcal{U}_{\mathrm{sh}}$ we have that

$\mathcal{U}_{\mathrm{sh}}(S, U, \theta) = \mathcal{U}_{\mathrm{sh}}((S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, t)), U \setminus \{x\}, \theta')$.

Since $x \in U \cap \mathrm{dom}(\theta)$, by hypothesis $x$ is free and independent in $[\sigma]_V$. Thus we can apply Prop. B.4, from which we obtain that:

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_V, [x/t]_V)) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, t)), V]$.

Let $[\sigma']_V = \mathrm{mgu}([\sigma]_V, [x/t]_V)$, $S' = (S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, t))$ and $U' = U \setminus \{x\}$. We may assume without loss of generality that $\mathrm{vars}(\sigma) \cap U = \emptyset$ and we obtain $\sigma' = \mathrm{mgu}(\mathrm{Eq}(\sigma) \cup \{x = t\}) = \sigma \uplus \{x/t\sigma\}$. Given $u \in U'$, we have $\sigma'(u) = \sigma(u) = u \in \mathcal{V}$, hence $u$ is free in $[\sigma']_V$. If $u \neq v \in \mathrm{vars}(\theta')$, then $v \neq x$ and therefore $u \notin \sigma'(v) = \sigma(v)$. Thus $u$ is independent from $\mathrm{vars}(\theta')$ in $[\sigma']_V$. Moreover, if $u \in \mathrm{dom}(\theta')$, then $u \neq x$, $u \notin t$ and $u \notin \mathrm{vars}(\sigma)$, and therefore $u \notin \mathrm{vars}(\sigma') \subseteq \mathrm{vars}(\sigma) \cup \mathrm{vars}(x = t)$. This means that $u$ is independent in $[\sigma']_V$. Therefore, by inductive hypothesis,

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_V, [\theta]_V)) = \alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma']_V, [\theta']_V)) \sqsubseteq_{\mathrm{sh}} [\mathcal{U}_{\mathrm{sh}}(S', U', \theta'), V] = [\mathcal{U}_{\mathrm{sh}}(S, U, \theta), V]$,

which concludes this part of the proof.

2. ($x \notin U$) By definition of $\mathcal{U}_{\mathrm{sh}}$, we have that:

$\mathcal{U}_{\mathrm{sh}}(S, U, \theta) = \mathcal{U}_{\mathrm{sh}}((S \setminus (\mathrm{rel}(S, x) \cup \mathrm{rel}(S, t))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, Y)^*) \cup \mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*) \cup \mathrm{bin}(\mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Y)^*), \mathrm{rel}(S, Z)^*), U \setminus \mathrm{vars}(\{x/t\}), \theta')$,

where $Y = \mathrm{uvars}(t) \cap U$ and $Z = \mathrm{vars}(t) \setminus Y$. Since $Y \subseteq U$, then for all $u \in Y$ and for all $v \in \mathrm{vars}(x = t)$ with $v \neq u$, it is the case that $v$ and $u$ do not share variables, i.e., $v \neq u \notin \sigma(v)$. Therefore $\sigma(u) \in \mathrm{uvars}(x\sigma = t\sigma)$. Then we can apply Prop. B.6 to obtain

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_V, [x/t]_V)) \sqsubseteq_{\mathrm{sh}} [(S \setminus (\mathrm{rel}(S, t) \cup \mathrm{rel}(S, x))) \cup \mathrm{bin}(\mathrm{rel}(S, x), \mathrm{rel}(S, Y)^*) \cup \mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*) \cup \mathrm{bin}(\mathrm{bin}(\mathrm{rel}(S, x)^*, \mathrm{rel}(S, Z)^*), \mathrm{rel}(S, Y)^*), V]$.

Again, assume $\mathrm{vars}(\sigma) \cap U = \emptyset$, $\sigma' = \mathrm{mgu}(\mathrm{Eq}(\sigma) \cup \{x = t\}) = \mathrm{mgu}(x\sigma = t\sigma) \circ \sigma$ and $U' = U \setminus \mathrm{vars}(\{x/t\})$. Given $u \in U'$, $u \notin \mathrm{vars}(x = t)$ and, since $u$ by hypothesis does not share with any variable in $x = t$, we have $u \notin \mathrm{vars}(\{x\sigma/t\sigma\})$. As a result $\sigma'(u) = \sigma(u) = u \in \mathcal{V}$. Moreover, for each variable $v$, $u \in \sigma'(v)$ iff $u \in \sigma(v)$. Therefore, if $v \in \mathrm{vars}(\theta')$ and $v \neq u$, $v$ and
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$u$ are independent in $[\sigma']_V$. Finally, if $u \in \mathrm{dom}(\theta')$, then $u \notin \mathrm{vars}(\sigma)$ which implies $u \notin \mathrm{vars}(\sigma')$. By inductive hypothesis we have

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma]_V, [\theta]_V)) = \alpha_{\mathrm{sh}}(\mathrm{mgu}([\sigma']_V, [\theta']_V)) \sqsubseteq_{\mathrm{sh}} [\mathcal{U}_{\mathrm{sh}}(S', U', \theta'), V] = [\mathcal{U}_{\mathrm{sh}}(S, U, \theta), V]$,

which proves the lemma. □

Theorem B.8

(Correctness of $\mathrm{unif}_{\mathrm{sh}}$) The unification operator $\mathrm{unif}_{\mathrm{sh}}$ is correct w.r.t. $\mathrm{unif}_{PS}$.

Proof

Given $[A, V] = \mathrm{unif}_{PS}([A_1, V_1], \delta)$, we know that, if $[\theta]_V \in A$, then

$[\theta]_V = \mathrm{mgu}([\theta_1]_{V_1}, [\delta]_{\mathrm{vars}(\delta)}) = \mathrm{mgu}(\mathrm{mgu}([\theta_1]_{V_1}, [\epsilon]_{V_1 \cup \mathrm{vars}(\delta)}), [\delta]_{\mathrm{vars}(\delta)})$.

Note that, if $\alpha_{\mathrm{sh}}([\theta_1]_{V_1}) \sqsubseteq_{\mathrm{sh}} [S, V_1]$, then

$\alpha_{\mathrm{sh}}(\mathrm{mgu}([\theta_1]_{V_1}, [\epsilon]_{V_1 \cup \mathrm{vars}(\delta)})) \sqsubseteq_{\mathrm{sh}} [S \cup \{\{x\} \mid x \in \mathrm{vars}(\delta) \setminus V_1\}, V_1 \cup \mathrm{vars}(\delta)]$

and each variable in $\mathrm{vars}(\delta) \setminus V_1$ is free and independent in $\mathrm{mgu}([\theta_1]_{V_1}, [\epsilon]_{V_1 \cup \mathrm{vars}(\delta)})$. Therefore, by applying Lemma B.7 we obtain

$\alpha_{\mathrm{sh}}([\theta]_V) \sqsubseteq_{\mathrm{sh}} \mathrm{unif}_{\mathrm{sh}}([S, V_1], \delta)$.

The theorem follows by the pointwise extension of $\alpha_{\mathrm{sh}}$ to elements of $\mathit{Psub}$. □

C Optimality of Forward Unification

We first introduce some notation. Given $[S_1, U_1] \in \mathit{Sharing}$ and $\theta \in \mathit{ISubst}$, let $\mathrm{unif}_{\mathrm{sh}}([S_1, U_1], \theta) = [S, U_1 \cup \mathrm{vars}(\theta)]$ and $X \in S$. To ease notation, let us define $U_2 = \mathrm{vars}(\theta) \setminus U_1$, $S_2 = \{\{x\} \mid x \in U_2\}$, $U = U_1 \cup U_2$, $X_1 = X \cap U_1$ and $X_2 = X \cap U_2$.

We begin by checking some properties of the unification algorithm in $\mathcal{U}_{\mathrm{sh}}$. To simplify the notation, in the rest of this section we will use a slightly modified version of the operator $\mathcal{U}_{\mathrm{sh}}$ which uses the rule $\mathcal{U}_{\mathrm{sh}}(T, V, \epsilon) = (T, V)$ (instead of the original rule $\mathcal{U}_{\mathrm{sh}}(T, V, \epsilon) = T$). The only consequence of this modification is that the new operator returns a pair whose first argument is the same as in the original operator and whose second argument is a set of variables guaranteed to be free after the unification.

Remark C.1

Given $(T', V') = \mathcal{U}_{\mathrm{sh}}(T, V, \theta)$ the following properties are easily checked from the definition:

1. $V' \subseteq V$;

2. if $x \in V' \cap \mathrm{rng}(\theta)$ and $x \in \theta(v)$, then $v \in V$;

3. $\mathcal{U}_{\mathrm{sh}}(T, V, \theta \uplus \theta') = \mathcal{U}_{\mathrm{sh}}(T', V', \theta')$.

Let $[H, U] = \alpha_{\mathrm{sh}}([\theta]_U)$. We want to prove that each $X \in S$ is obtained as the union of a number of sharing groups in $H$. However, these sharing groups cannot be joined freely but only according to some conditions.
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Lemma C.2

For each $X \in S$, either $X \in H$ or there are $B_1, \ldots, B_k \in H$ s.t. $\bigcup_{i \leq k} B_i = X$ and for each $i \leq k$, $B_i \cap U_1 \neq \emptyset$.

Proof

The proof proceeds by induction on the number of bindings $n$ in $\theta$. If $n = 0$, then $\theta = \epsilon$, $S = S_1 \cup S_2$ and $H = \{\{x\} \mid x \in U_1 \cup U_2\}$. If $X \in S_2$ then $X = \{x\}$ for some $x \in U_2$, i.e., $X \in H$. Otherwise, if $X \in S_1$, then $X = \bigcup \{\{x\} \mid x \in X\}$. Since $x \in \mathrm{vars}(S_1)$ entails $x \in U_1$, we may take as $B_i$'s the singletons $\{x\}$ for each $x \in X$ and we have the required result.

If $n \neq 0$ then $\theta = \theta' \uplus \{x/t\}$ and $\mathcal{U}_{\mathrm{sh}}(S_1 \cup S_2, U_2, \theta) = \mathcal{U}_{\mathrm{sh}}(T, V, \{x/t\})$ where $(T, V) = \mathcal{U}_{\mathrm{sh}}(S_1 \cup S_2, U_2, \theta')$. Let $[H', U] = \alpha_{\mathrm{sh}}([\theta']_U)$. We distinguish the cases $x \in V$ and $x \notin V$.

Assume $x \in V$. If $X \in T \setminus (\mathrm{rel}(T, t) \cup \mathrm{rel}(T, x))$ then $X \cap \mathrm{vars}(\{x/t\}) = \emptyset$. By inductive hypothesis, $X = B_1 \cup \ldots \cup B_h$ where each $B_j \in H'$. Since $B_j \cap \mathrm{vars}(\{x/t\}) = \emptyset$, we have $B_j \in H$ and therefore the property is satisfied. Otherwise, $X = A_1 \cup A_2$ where $A_1 \in \mathrm{rel}(T, x)$ and $A_2 \in \mathrm{rel}(T, t)$. Note that since $x \notin \mathrm{vars}(\theta')$, then $\mathrm{rel}(H', x) = \{\{x\}\}$. Since $\{x\} \cap U_1 = \emptyset$, it is not possible to join $\{x\}$ with any other sharing group in $H'$, and therefore $\mathrm{rel}(T, x) = \{\{x\}\}$ and $A_1 = \{x\}$. Now assume, without loss of generality, $A_2 \in \mathrm{rel}(T, y)$, with $y \in \mathrm{vars}(t)$. By inductive hypothesis $A_2 = C_1 \cup \ldots \cup C_h$ with each $C_j \in H'$. First of all, note that, for each $j$, either $C_j \cap \mathrm{vars}(\{x/t\}) = \emptyset$ which entails $C_j \in H$, or $C_j = \mathrm{occ}(\theta', w)$ for some $w \in \mathrm{vars}(t)$, which entails $\{x\} \cup C_j = \mathrm{occ}(\theta, w) \in H$. Therefore, it is possible to take $k = h$ and $B_j$ equal either to $C_j$ or to $C_j \cup \{x\}$ so that $B_j \in H$. Since there is at least one index $l$ such that $y \in C_l$, then $C_l = \mathrm{occ}(\theta', y)$ and $x \in B_l$. Therefore $\bigcup_j B_j = X$. Moreover, either $h = 1$ or $h > 1$ and $C_j \cap U_1 \neq \emptyset$ for each $j \leq h$.

Now assume $x \notin V$. If $X \in T \setminus (\mathrm{rel}(T, t) \cup \mathrm{rel}(T, x))$ then $X \cap \mathrm{vars}(\{x/t\}) = \emptyset$ and everything is as for the case $x \in V$. Otherwise, the three cases in the definition of $\mathcal{U}_{\mathrm{sh}}$ may be subsumed saying that $X = A_1 \cup A_2$ where $A_1 \in \mathrm{rel}(T, x)^*$ and $A_2 \in \mathrm{rel}(T, t)^*$. Assume, by inductive hypothesis, that $A_1 = C_1 \cup \ldots \cup C_h$ where each $C_j \in H'$ and $A_2 = C'_1 \cup \ldots \cup C'_l$ where each $C'_j \in H'$. Since $x \notin \mathrm{vars}(\theta')$ then $\mathrm{rel}(H', x) = \{\{x\}\}$. Therefore there exists $C_j$ such that $C_j = \{x\}$. We assume without loss of generality that $C_1 = \{x\}$. As for the case with $x \in V$, we may define $B'_j$ equal to either $C'_j$ or $C'_j \cup \{x\}$ so that $B'_j \in H$. The same holds for all the elements of the kind $C_j$ for $j > 1$. Moreover, there is at least one $j$ such that $C'_j = \mathrm{occ}(\theta', y)$ for some $y \in \mathrm{vars}(t)$, i.e., such that $x \in B'_j$. Then, we have a collection of elements $B_j$ and $B'_j$ such that each $B_j, B'_j \in H$ and whose union gives $X$. We only need to prove that $B_j \cap U_1 \neq \emptyset$ and $B'_j \cap U_1 \neq \emptyset$ for each $j$. Note that if $C'_j \cap U_1 \neq \emptyset$, then $B'_j \cap U_1 \neq \emptyset$. Assume $C'_j \cap U_1 = \emptyset$. By inductive hypothesis, this happens if $C'_j \in \mathrm{rel}(T, t)$ (otherwise $C'_j$ is obtained by joining more than one element in $H'$, and therefore it must contain some variable in $U_1$). Thus, there exists $y \in \mathrm{vars}(t)$ such that $y \in C'_j$, and therefore $B'_j = C'_j \cup \{x\}$ and $B'_j \cap U_1 \neq \emptyset$. In the same way, if $C_j \cap U_1 \neq \emptyset$ the same holds for $B_j$. Note that, given $C_j$, by inductive hypothesis either $C_j \notin \mathrm{rel}(T, x)$ and therefore $C_j \cap U_1 \neq \emptyset$, or $C_j \in \mathrm{rel}(T, x)$, and therefore $x \in C_j$ which entails again $C_j \cap U_1 \neq \emptyset$. □





G. Amato and F. Scozzari 


Corollary C.3

$X = \{x \mid \mathrm{vars}(\theta(x)) \cap X \neq \emptyset\}$.

Proof

By Lemma C.2 we know $X = B_1 \cup \cdots \cup B_N$ with $B_i \in H$. If $x \in X$ then $x \in B_i$ for some $i \leq N$. Assume $B_i = \mathrm{occ}(\theta, w)$. Then $w \in B_i \subseteq X$ and $w \in \mathrm{vars}(\theta(x)) \cap X$. In the opposite direction, assume $z \in \mathrm{vars}(\theta(x)) \cap X$. Since there is only one sharing group $B$ in $H$ such that $z \in B$, namely $B = \mathrm{occ}(\theta, z)$, it must be the case that $B = B_j$ for some $j \in \{1, \ldots, N\}$ and therefore $x \in B_j \subseteq X$. □

Lemma C.4

For each $X \in S$, $X$ is $\theta$-connected.

Proof 

First note that, if A is 0-connected and Y C U 2 , then given 9' = 9 it) 9", it holds 
that A U F is 6 *'-connected. 

The proof is by induction on the number of bindings in 0. If 0 = e there is nothing 
to prove since A £ Si U S 2 , and thus Ai £ Si. 

Let 9 = 9' it) {x/t}, [F[',U] = ash([^*^]( 7 ), and {S,V') = Ugj^(T, F, {x/t}) where 
4^{SiUS2,U2,9') = iT,V). 

We distinguish two cases according to the fact that x £ F or not. Consider the 
case X £ y, which implies x £ U 2 - By hypothesis x ^ vars(0') therefore, by Lemma 
1C.21 rel(T, x) = {{a;}}. Therefore S is obtained by joining to each Q £ rel(r, t) the 
new sharing group {x} and removing {x} from T. It happens that each Q £ S is 

0-connected since: 1) either Q G T; 2) or Q = Q' U {x} for Q' G T and x £ U 2 - In 

the first case, Q is ^'-connected by inductive hypothesis, hence it is also 9 connected 
and the thesis follows. In the latter case, Q' is ^'-connected, and thus Q' U {x} is 
0 -connected since x £ C/ 2 - 

The other case is when x ^ y. If we take Q G S and assume Q GT \ (rel(T, x) U 
rel(r, t)), then it is ^'-connected by inductive hypothesis, and thus it is 0 -connected. 
Otherwise, take Q = Qi U Q 2 with Qi G rel(r, x) and Q 2 G rel(r, F)* where 

F = uvars(t) C V. Given y G Y, since y G V, then for each binding x'/t' in 0', 

if y £ vars(t') then x' G U 2 (see Remark 1C.II) . Therefore rel(iL, y) = {K} with 
A C C/ 2 , and by Lemma FC.21 the same holds for rel(T, y). This means Q 2 C C/ 2 . 
Thus QnC/i = Qi nC/i. Since Qi is ^'-connected by inductive hypothesis, it follows 
that Qi is 0-connected. 

Now, take Qi G rel(r, x)* and Q 2 G rel(r, Z)*, where Z = vars(t)\F. Thus Qi = 
Ai U ... U Afc with Ai G rel(r, x). By inductive hypothesis, Ai is ^'-connected, and 
therefore it is 0-connected. It follows that for each i <k there exist B\,..., B^, G Si 
such that Gj<kiBj = Ai (lUi and ./ 1 O 2 < ki. The same holds 

for Q 2 = Cl LS ... G Ch with Ci G rel(T, Z): for any Ci C C/i 7 / 0 we have that 
Ci n C/i = Gj<hiD^j with for all ji ,^2 < h. 

We need to show that given any Dif then Bl^TZggDi^. Actually, it is enough to 
show that for each i < k,j < h such that C^nC/i 7 / 0 , there are m, n s.t. Bl^TZegD-f. 
Since x £ and x £ C/i, without loss of generality we may assume that x £ Rj. 
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In the other hand, although vars(t) n Cj ^ 0, we cannot infer that there exists any 
s.t. vars(t) fl ^ 0 since it may well happen that vars(t) fl Cj C U 2 although 

Ui n Cj 7 ^ 0 . 

Assume Cj £ rel(T, z) for some z S Z OUi. Then, we may assume without loss 
of generality that z S D{, and B\TlgQD{ follows from the definition of TZeg, being 
z £ Q. Otherwise, Cj £ rel(r, z) for some z £ Z < 1 U 2 - By applying Lemmawe 
have Cj = Ei U ■ ■ ■ U Ep with Ei £ H' and Ei C\Ui % (this holds even if p = 1 
since Cj OUi ^ 0). Since rel(iJ',z) = {occ(0',z)}, then occlO',z) n Ui 7 ^ 0, i.e., 
there exists z' £ Ui such that z S vars(0'(z')). Then z' £ Cj and we may assume, 
without loss of generality, that z' £ D\. Again, we have B\TZeQD{ by definition of 
T^9Q- 

Observe that, if (52 OC/i 7 ^ 0, by symmetry and transitivity, this alone proves that 
Bl^TZgxBln' and DfTZgqDl^, for each i,m,i',m' and j,n,j',n'. Otherwise, there is 
no D-f and we need to prove in other ways that Bl^TZggBl^,. Since Q 2 riUi = 0, 
then Ci C U 2 for each i. This means Ci = occ{9',y) for some y £ U 2 and since 
Ci C U 2 it follows immediately that y £V. Then, since y £ Z, it must be the case 
that y ^ uvars(t) and therefore B\TZgQB'( by definition of TZgQ. 

It remains the case Q = Q 1 OQ 2 OQ 3 with Qi £ rel(T, x)*, Q 2 £ rel(r, Y)* and 
Qs £ rel(T, Z)*. However, this is a trivial corollary of the previous two cases, since 
we know that Qi U Q 3 is 0-connected and Q 2 QU 2 - □ 

Fixed $X \in S$, our aim is to provide a substitution $\delta$ with $\alpha_{\mathrm{sh}}([\delta]_{U_1}) \sqsubseteq [S_1, U_1]$ and $\alpha_{\mathrm{sh}}(\mathrm{mgu}([\delta]_{U_1}, [\theta]_U)) \sqsupseteq [\{X\}, U]$. By Lemma C.4, $X_1 = B_1 \cup \ldots \cup B_n$ with $B_i \in S_1$ and $B_i \mathcal{R}_{\theta X} B_j$ for each $i, j \leq n$ (where $X_1 = X \cap U_1$). We let $K_1 = \{B_1, \ldots, B_n\}$. We now want to define a substitution $\delta$ such that $\alpha_{\mathrm{sh}}([\delta]_{U_1}) = [K_1, U_1]$. For each sharing group $B \in K_1$, let us consider a fresh variable $w_B$. Let $W = \{w_B \mid B \in K_1\}$. For each variable $x$, let $\mathcal{B}_x = \{B^x_1, \ldots, B^x_k\}$ be the set $\mathrm{rel}(K_1, x)$. Let $N$ be the maximum cardinality of all the $\mathcal{B}_x$ for $x \in X_1$, i.e., $N = \max_{x \in X_1} |\mathcal{B}_x|$. For each $x \in X_1$, we define two terms:

Sx = t{c{wBl , WbI ), c(wbI , WbI ),■•■, c{wBk ,WBk), c{wbi , Wfii ),■••, c{wbi , Wfii ) ) 

'-V-' '-V-' 

k = \Bx\ times N — \Bx\ times 

4 = t{c{wBi , Wb2), c{wbi , Wbi), • . •, c{wBk , wbi),c{wbi , Wbi), • . •, c{wbi , Wbi)) 

" -V-' '-V-' 

k — \Bx\ times N — \Bx \ times 

Note that if $N = 0$ then $K_1 = \emptyset$ and $s_x$, $s'_x$ are undefined for any variable $x$.

We introduce the following notation: given a term $t$ we distinguish different occurrences of the same variable by calling $(y, n)$ the $n$-th occurrence of a variable $y$ in $t$, where the order is lexicographic. For instance, a term $f(x, g(y, y, x))$ can be seen as the term $f((x, 1), g((y, 1), (y, 2), (x, 2)))$. For each $y \in \mathrm{vars}(\theta(U_1)) \cap X$, we choose a variable $x_y \in U_1$ such that $y \in \theta(x_y)$. Let $a$ be a constant. We are now ready to define the substitution $\delta$ in the following way: for each variable $x \in U_1$, $\delta(x)$ is the same as $\theta(x)$ with the difference that each occurrence $(y, i)$ of a variable $y \in \theta(x)$ is replaced by $t_{x,y,i}$, defined as

• $t_{x,y,i} = a$ if $y \notin X$, else
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• $t_{x,y,i} = s_x$ if $x = x_y$ and $i = 1$;

• $t_{x,y,i} = s'_x$ otherwise.

Note that, by Corollary C.3, if $x \in X_1$, then $\theta(x)$ is not ground. Therefore, by construction, $\mathrm{dom}(\delta) = U_1$ and $\mathrm{rng}(\delta) = W$. It is easy to check that $\alpha_{\mathrm{sh}}([\delta]_{U_1}) = [K_1, U_1]$ since, given a variable $w_B$, it appears in $\delta(x)$ iff $x \in B$ and therefore $\mathrm{occ}(\delta, w_B) \cap U_1 = B$. For all the other variables $\mathrm{occ}(\delta, v) = \emptyset$ if $v \in U_1$ and $\mathrm{occ}(\delta, v) = \{v\} \not\subseteq U_1$ otherwise. Let us compute the value of $\mathrm{mgu}([\delta]_{U_1}, [\theta]_U)$.

Lemma C.5

\[
\mathrm{mgu}(\delta, \theta) = \mathrm{mgu}\{w_1 = w_2 \mid w_1, w_2 \in W\} \circ \rho \circ \theta
\]
where $\rho = \{v/s_{x_v} \mid v \in \mathrm{vars}(\theta(U_1)) \cap X\} \cup \{v/a \mid v \in \mathrm{vars}(\theta(U_1)) \setminus X\}$.

Proof

Since $t_{x_v,v,1} = s_{x_v}$, by using the properties of equation sets it follows that:
\[
\begin{aligned}
\mathrm{mgu}(\delta, \theta) &= \mathrm{mgu}(\{v = t_{x,v,i} \mid x \in U_1,\ (v,i) \text{ is an occurrence of } v \text{ in } \theta(x)\}) \circ \theta \\
&= \mathrm{mgu}(E) \circ \rho \circ \theta ,
\end{aligned}
\]
where $E = \{t_{x_v,v,1} = t_{x',v,j} \mid x' \in U_1,\ (v,j) \text{ is an occurrence of } v \text{ in } \theta(x')\}$.
Let us define a relation between variables:
\[
v \mathcal{R}' u \iff \exists y \in \mathrm{vars}(\theta(v)) \cap X.\ u = x_y \wedge (u \ne v \vee y \notin \mathrm{uvars}(\theta(v))) .
\]
Note that $\mathcal{R}'$ is not a symmetric relation. Moreover, it depends on $\theta$ and $X$,
just as $\mathcal{R}_{\theta,X}$. However, since in this proof $\theta$ and $X$ are fixed, we omit the
indexes in order to simplify notation. By exploiting the above definition, we can
rewrite $\mathrm{mgu}(E)$ as follows:
\[
\mathrm{mgu}(E) = \mathrm{mgu}(\{s'_v = s_u \mid v, u \in X_1,\ v \mathcal{R}' u\}) . \tag{C.1}
\]

The above characterization shows that $\mathrm{Eq}(\delta) \cup \mathrm{Eq}(\theta)$ is solvable, since $s_u$ and $s'_v$
are terms which unify by construction. Moreover, note that
\[
\mathrm{mgu}\{s_u = s'_v\} = \mathrm{mgu}\{w_B = w_{B'} \mid B \in \mathcal{B}_u \wedge B' \in \mathcal{B}_v\} .
\]
We want to prove that $\mathrm{mgu}\{s'_v = s_u \mid v, u \in X_1,\ v \mathcal{R}' u\} = \mathrm{mgu}\{w_1 = w_2 \mid w_1, w_2 \in W\}$.
It is obvious that $\mathrm{mgu}\{s'_v = s_u \mid v, u \in X_1,\ v \mathcal{R}' u\} = \mathrm{mgu}\{w_B = w_{B'} \mid v, u \in X_1,\ B \in \mathcal{B}_v,\ B' \in \mathcal{B}_u,\ v \mathcal{R}' u\} = \mathrm{mgu}\{w_B = w_{B'} \mid B \mathcal{R} B'\}$
where $\mathcal{R}$ is the relation on $K_1 \times K_1$ given by
\[
B \mathcal{R} B' \iff \exists x, y \in X_1.\ B \in \mathcal{B}_x \wedge B' \in \mathcal{B}_y \wedge x \mathcal{R}' y .
\]
Since equality is transitive and reflexive, we know that
\[
\mathrm{mgu}\{w_B = w_{B'} \mid B \mathcal{R} B'\} = \mathrm{mgu}\{w_B = w_{B'} \mid B \mathcal{R}^* B'\} ,
\]
where $\mathcal{R}^*$ is the symmetric and transitive closure of $\mathcal{R}$. We now prove that
$\mathcal{R} \subseteq \mathcal{R}_{\theta,X} \subseteq \mathcal{R}^*$, from which the thesis follows by Lemma C.4.

If $B \mathcal{R} B'$ there are $x, y \in X_1$ s.t. $B \in \mathcal{B}_x \wedge B' \in \mathcal{B}_y \wedge x \mathcal{R}' y$. However $B \in \mathcal{B}_x$ iff
$x \in B \in S_1$ and $B' \in \mathcal{B}_y$ iff $y \in B' \in S_1$. Now, assume $z \in \mathrm{vars}(\theta(x)) \cap X$ and
$y = x_z$. Then $z \in \mathrm{vars}(\theta(x)) \cap \mathrm{vars}(\theta(y)) \cap X$ and this proves that $B \mathcal{R}_{\theta,X} B'$. On the other
side, assume $B \mathcal{R}_{\theta,X} B'$, i.e., there are $x \in B$, $y \in B'$, $z \in \mathrm{vars}(\theta(x)) \cap \mathrm{vars}(\theta(y)) \cap X$
s.t. $x \ne y \vee z \notin \mathrm{uvars}(\theta(x))$. Since $x \in B$ and $y \in B'$, then $B \in \mathcal{B}_x$ and
$B' \in \mathcal{B}_y$. Since $z \in \mathrm{vars}(\theta(U_1)) \cap X$ then $x_z$ is defined and $\mathcal{B}_{x_z} \ne \emptyset$. Assume that
$x = y = x_z$. Then $z \notin \mathrm{uvars}(\theta(x))$ and thus $x \mathcal{R}' y$ and $B \mathcal{R} B'$. Otherwise, we may
assume without loss of generality that $x \ne x_z$. If $y = x_z$ then $x \mathcal{R}' y$ and thus $B \mathcal{R} B'$.
If $y \ne x_z$ we can choose any $B'' \in \mathcal{B}_{x_z}$. We know that $x \mathcal{R}' x_z$, $y \mathcal{R}' x_z$ and thus it
holds that $B \mathcal{R} B''$ and $B' \mathcal{R} B''$, from which $B \mathcal{R}^* B'$ follows. The case $y \ne x_z$ is
symmetric. □
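The terms $s_x$ and $s'_x$ are shaped so that unifying $s_u = s'_v$ identifies every $w_B$ with $B \in \mathcal{B}_u \cup \mathcal{B}_v$, which is the equality used in the proof above. The following Python block is an added example, not code from the paper: it builds the two terms for a small constructed $K_1$, unifies them with a Robinson-style unifier and reports which groups get merged. The naming of the fresh variables $w_B$, and the padding and cyclic-shift shape of $s'_x$ as read from the displayed terms, are this example's assumptions.

```python
# Added example, not from the paper: the terms s_x and s'_x of the optimality
# construction and the effect of unifying s_u = s'_v on the fresh variables w_B.
# Terms are nested tuples (functor, *args); variables are plain strings.
def term_vars(t):
    """Variables occurring in a term."""
    return {t} if isinstance(t, str) else set().union(*(term_vars(a) for a in t[1:]))

def apply(sub, t):
    """Apply an idempotent substitution to a term."""
    if isinstance(t, str):
        return sub.get(t, t)
    return (t[0],) + tuple(apply(sub, a) for a in t[1:])

def unify(eqs):
    """Robinson-style mgu of a list of term equations; None if they do not unify."""
    sub, todo = {}, list(eqs)
    while todo:
        s, t = (apply(sub, side) for side in todo.pop())
        if s == t:
            continue
        if isinstance(s, str) or isinstance(t, str):
            v, u = (s, t) if isinstance(s, str) else (t, s)
            if v in term_vars(u):
                return None                      # occurs check
            sub = {x: apply({v: u}, r) for x, r in sub.items()}
            sub[v] = u
        elif s[0] == t[0] and len(s) == len(t):
            todo.extend(zip(s[1:], t[1:]))
        else:
            return None
    return sub

def w(B):
    """The fresh variable w_B attached to sharing group B (naming is our choice)."""
    return "w_" + "".join(sorted(B))

def s_terms(B_x, N):
    """(s_x, s'_x) for B_x = rel(K_1, x): k pairs, then N - k copies of c(w_B1, w_B1)."""
    Bs = sorted(B_x, key=w)
    k = len(Bs)
    diag = [("c", w(Bs[i]), w(Bs[i])) for i in range(k)]            # c(w_Bi, w_Bi)
    shift = [("c", w(Bs[i]), w(Bs[(i + 1) % k])) for i in range(k)]  # c(w_Bi, w_Bi+1)
    pad = [("c", w(Bs[0]), w(Bs[0]))] * (N - k)
    return ("t", *diag, *pad), ("t", *shift, *pad)

def merged_groups(K1, u, v):
    """Unify s_u = s'_v and return the groups of K1 whose w_B the mgu identifies."""
    rel = lambda x: {B for B in K1 if x in B}
    N = max(len(rel(x)) for x in set().union(*K1))
    s_u, _ = s_terms(rel(u), N)
    _, sp_v = s_terms(rel(v), N)
    mgu = unify([(s_u, sp_v)])
    image = apply(mgu, w(next(iter(rel(u)))))
    return {B for B in K1 if apply(mgu, w(B)) == image}

# constructed instance: K_1 = {{x}, {x,y}, {y,z}, {q}}, so B_x = {{x},{x,y}}, B_y = {{x,y},{y,z}}
K1 = {frozenset("x"), frozenset("xy"), frozenset("yz"), frozenset("q")}
```

For this $K_1$, `merged_groups(K1, "x", "y")` returns the three groups of $\mathcal{B}_x \cup \mathcal{B}_y$ and leaves $\{q\}$ untouched.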

Proposition C.6

\[
\alpha_{Sh}(\mathrm{mgu}([\delta]_{U_1}, [\theta]_U)) \sqsupseteq_{Sh} [\{X\}, U] .
\]


Proof

First of all, note that $\mathrm{mgu}([\delta]_{U_1}, [\theta]_U) = [\mathrm{mgu}(\delta, \theta)]_U$ since $\mathrm{vars}(\theta) \subseteq U$. We proceed
with two different proofs when $W = \emptyset$ and $W \ne \emptyset$. If $W \ne \emptyset$ then, according to
Lemma C.5, we can choose $w \in W$ and define the substitution $\sigma = \{w'/w \mid w \ne w' \in W\} = \mathrm{mgu}(E)$.
It only remains to prove that $\mathrm{occ}(\sigma \circ \rho \circ \theta, w) \cap U = X$.

It follows easily that $\mathrm{occ}(\sigma \circ \rho \circ \theta, w) = \mathrm{occ}(\rho \circ \theta, W) = \mathrm{occ}(\theta, (\mathrm{vars}(\theta(U_1)) \cap X) \cup W) = \mathrm{occ}(\theta, \mathrm{vars}(\theta(U_1)) \cap X) \cup W$.
Since $U \cap W = \emptyset$ it follows that $\mathrm{occ}(\sigma \circ \rho \circ \theta, w) \cap U = \mathrm{occ}(\theta, \mathrm{vars}(\theta(U_1)) \cap X)$.

By definition, $\mathrm{occ}(\theta, \mathrm{vars}(\theta(U_1)) \cap X) = \{y \mid \mathrm{vars}(\theta(y)) \cap \mathrm{vars}(\theta(U_1)) \cap X \ne \emptyset\}$.
Thus, for any such $y$, we have that $\mathrm{vars}(\theta(y)) \cap X \ne \emptyset$ and thus, by Corollary C.3,
$y \in X$. It follows that $\mathrm{occ}(\theta, \mathrm{vars}(\theta(U_1)) \cap X) \subseteq X$. For the opposite direction, by
Lemma C.2 there exist $B_1, \dots, B_k \in H$ such that $\bigcup_i B_i = X$ and $U_1 \cap B_i \ne \emptyset$ for
each $i$. Since $B_i \in H$, then there exists $v$ s.t. $B_i = \mathrm{occ}(\theta, v)$. Moreover, $v \in X$ since
$v \in B_i$ by definition of $\mathrm{occ}$ and $\theta(v) = v$. Since $U_1 \cap B_i \ne \emptyset$ it follows that there
exists $y \in U_1 \cap B_i$ such that $v \in \mathrm{vars}(\theta(y)) \subseteq \mathrm{vars}(\theta(U_1))$ and thus $B_i \subseteq \mathrm{occ}(\theta, \mathrm{vars}(\theta(U_1)) \cap X)$.
Thus $X \subseteq \mathrm{occ}(\theta, \mathrm{vars}(\theta(U_1)) \cap X)$.

When $W = \emptyset$, $\mathrm{mgu}(E) = \varepsilon$ and $X = X_2$. In this case, by Lemma C.2, $X_2 = \mathrm{occ}(\theta, x)$
for some $x \in U_2$. Since $X_2 \cap U_1 = \emptyset$, then $x \notin \mathrm{vars}(\theta(U_1))$, i.e., $x \notin \mathrm{dom}(\rho)$
and therefore $\mathrm{occ}(\rho \circ \theta, x) = \mathrm{occ}(\theta, x) = X_2$. □

Note that, in this proof, we worked with a signature endowed with a constant
$a$ and term symbols $c$ and $t$ of arity two and $N$ respectively. Actually, it is evident
that the proof may be easily rewritten for the case when the signature has
a constant and a symbol of arity at least two. Given $s$ of arity $n$, we may replace
in $\delta$ a term $t(t_1, \dots, t_N)$ with $c(t_1, c(t_2, c(\dots, t_N)))$. Then, we replace $c(t_1, t_2)$ with
$s(t_1, t_2, a, a, \dots, a)$ where $a$ is repeated $n - 2$ times.

Theorem C.7

$\mathcal{U}_{Sh}$ is well defined, correct and optimal w.r.t. $\mathcal{U}_{Ps}$.

Proof

By Equation (1…), we need to prove that:
\[
\pi_{Sh}(\mathrm{unif}_{Sh}(\rho([S_1, U_1]), \mathrm{mgu}(\rho(A_1) = A_2)), \mathrm{vars}(A_2)) =
\alpha_{Sh}(\pi_{Ps}(\mathrm{unif}_{Ps}(\rho(\gamma_{Ps}([S_1, U_1])), \mathrm{mgu}(\rho(A_1) = A_2)), \mathrm{vars}(A_2))) .
\]
By Theorems 5.3 and 5.4 we know that $\pi_{Sh}$ is correct and complete and that
abstract renaming is correct and $\gamma$-complete. Moreover, by Theorem 6.16 abstract
unification $\mathrm{unif}_{Sh}$ is optimal. We have the following equalities.
\[
\begin{aligned}
&\alpha_{Sh}(\pi_{Ps}(\mathrm{unif}_{Ps}(\rho(\gamma_{Ps}([S_1, U_1])), \mathrm{mgu}(\rho(A_1) = A_2)), \mathrm{vars}(A_2))) \\
&= \pi_{Sh}(\alpha_{Sh}(\mathrm{unif}_{Ps}(\rho(\gamma_{Ps}([S_1, U_1])), \mathrm{mgu}(\rho(A_1) = A_2))), \mathrm{vars}(A_2)) && \text{[by Th. 5.3]} \\
&= \pi_{Sh}(\alpha_{Sh}(\mathrm{unif}_{Ps}(\gamma_{Ps}(\rho([S_1, U_1])), \mathrm{mgu}(\rho(A_1) = A_2))), \mathrm{vars}(A_2)) && \text{[by Th. 5.4]} \\
&= \pi_{Sh}(\mathrm{unif}_{Sh}(\rho([S_1, U_1]), \mathrm{mgu}(\rho(A_1) = A_2)), \mathrm{vars}(A_2)) . && \text{[by Th. 6.16]}
\end{aligned}
\]
Thus $\mathcal{U}_{Sh}$ is correct and optimal w.r.t. $\mathcal{U}_{Ps}$. The fact that it is well defined (i.e.,
it does not depend on the choice of the renaming $\rho$) is a direct consequence of
optimality. □


D Matching

Theorem D.1

(Correctness of $\mathrm{match}_{Sh}$) $\mathrm{match}_{Sh}$ is correct w.r.t. $\mathrm{match}_{Ps}$.

Proof

Consider $[\Theta_i, U_i] \sqsubseteq_{Ps} \gamma_{Sh}([S_i, U_i])$ for $i \in \{1, 2\}$ and $[\sigma]_{U_1 \cup U_2} \in \mathrm{match}_{Ps}([\Theta_1, U_1], [\Theta_2, U_2])$.
We need to prove that
\[
\alpha_{Sh}([\sigma]_{U_1 \cup U_2}) \sqsubseteq_{Sh} \mathrm{match}_{Sh}([S_1, U_1], [S_2, U_2]) .
\]

Assume $[\sigma] = \mathrm{mgu}([\sigma_1], [\sigma_2])$ with $[\sigma_1] \in \Theta_1$ and $[\sigma_2] \in \Theta_2$. Let $\sigma_1$ and $\sigma_2$ be two
canonical representatives for $[\sigma_1]$ and $[\sigma_2]$ such that $\mathrm{vars}(\sigma_1) \cap \mathrm{vars}(\sigma_2) = U_1 \cap U_2$.
If $\sigma_1 \preceq_{U_1 \cap U_2} \sigma_2$, there exists $\delta \in \mathrm{Subst}$ such that $\sigma_1(x) = \delta(\sigma_2(x))$ for each $x \in U_1 \cap U_2$.
We may assume, without loss of generality, that $\mathrm{dom}(\delta) = \mathrm{vars}(\sigma_2(U_1 \cap U_2))$.
Now, the following equalities hold.
\[
\begin{aligned}
\sigma &= \mathrm{mgu}(\mathrm{Eq}(\sigma_2), \mathrm{Eq}(\sigma_1)) \\
&= \mathrm{mgu}(\{\sigma_2(x) = \sigma_2(\sigma_1(x)) \mid x \in U_1\}) \circ \sigma_2 \\
&= \mathrm{mgu}(\{x = \sigma_1(x) \mid x \in U_1 \setminus U_2\} \cup \{\sigma_1(x) = \sigma_2(x) \mid x \in U_1 \cap U_2\}) \circ \sigma_2 \\
&\qquad \text{[by partitioning } \mathrm{dom}(\sigma_2)\text{, since } \sigma_2(\sigma_1(x)) = \sigma_1(x) \text{ for } x \in U_1\text{]} \\
&= \mathrm{mgu}(\{x = \sigma_1(x) \mid x \in U_1 \setminus U_2\}) \circ \delta \circ \sigma_2 \\
&\qquad \text{[since } \sigma_1(x) = \delta(\sigma_2(x)) \text{ and } \mathrm{dom}(\delta) = \mathrm{vars}(\sigma_2(U_1 \cap U_2))\text{]} \\
&= \sigma_1|_{U_1 \setminus U_2} \circ \delta \circ \sigma_2 \\
&= \sigma_1|_{U_1 \setminus U_2} \uplus (\delta \circ \sigma_2) .
\end{aligned}
\tag{D.1}
\]

Now, given a variable $v$, by Lemma B.1, $\mathrm{occ}(\sigma, v) \cap (U_1 \cup U_2) = (\mathrm{occ}(\sigma_1|_{U_1 \setminus U_2}, v) \cap U_1) \cup (\mathrm{occ}(\sigma_2, \mathrm{occ}(\delta, v)) \cap U_2)$.
We want to prove that $\mathrm{occ}(\sigma, v) \cap (U_1 \cup U_2) \in \mathrm{match}_{Sh}([S_1, U_1], [S_2, U_2])$.

Since $\mathrm{dom}(\sigma) = U_1 \cup U_2$, we may assume that $v \notin U_1 \cup U_2$, otherwise $\mathrm{occ}(\sigma, v) \cap (U_1 \cup U_2) = \emptyset$.
We recall that $S'_1 = \{B \in S_1 \mid B \cap U_2 = \emptyset\}$ and $S''_1 = S_1 \setminus S'_1$,
$S'_2 = \{B \in S_2 \mid B \cap U_1 = \emptyset\}$ and $S''_2 = S_2 \setminus S'_2$, according to Definition 7.1. We
distinguish two cases:

• $v \notin \mathrm{rng}(\delta)$, which implies $v \notin \mathrm{rng}(\sigma_1|_{U_2})$. Note that, if $v \in \mathrm{dom}(\delta)$ then
$\mathrm{occ}(\sigma_2, \mathrm{occ}(\delta, v)) = \emptyset \in S_2$, otherwise $\mathrm{occ}(\sigma_2, \mathrm{occ}(\delta, v)) = \mathrm{occ}(\sigma_2, v) \in S_2$. So,
it always holds that $\mathrm{occ}(\sigma_2, \mathrm{occ}(\delta, v)) \in S_2$. We now distinguish some subcases.
If $v \in \mathrm{rng}(\sigma_1)$ then $\mathrm{occ}(\sigma_1|_{U_1 \setminus U_2}, v) = \mathrm{occ}(\sigma_1, v)$. Moreover, since $v \in \mathrm{rng}(\sigma_1)$,
then $v \notin \mathrm{vars}(\sigma_2)$ and thus $\mathrm{occ}(\sigma_2, v) = \{v\}$. We have that $\mathrm{occ}(\sigma, v) \cap (U_1 \cup U_2) = \mathrm{occ}(\sigma_1, v) \in S_1$.
Otherwise, if $v \in \mathrm{rng}(\sigma_2)$, then $v \notin \mathrm{vars}(\sigma_1)$ and $\mathrm{occ}(\sigma_1, v) = \{v\}$.
Therefore $\mathrm{occ}(\sigma, v) \cap (U_1 \cup U_2) = \mathrm{occ}(\sigma_2, \mathrm{occ}(\delta, v)) \in S_2$.
Otherwise, if $v \notin \mathrm{rng}(\sigma_1) \cup \mathrm{rng}(\sigma_2)$ then $\mathrm{occ}(\sigma, v) \cap (U_1 \cup U_2) = \emptyset$.

• $v \in \mathrm{rng}(\delta)$. We want to prove that $\mathrm{occ}(\sigma, v) = X_1 \cup X_2$ where $X_1 = \mathrm{occ}(\sigma_1, v)$
and $X_2 = \mathrm{occ}(\sigma_2, \mathrm{occ}(\delta, v))$ enjoy the following properties: $X_1 \in S''_1$, $X_2 \in S''^{*}_2$,
$X_1 \cap U_2 = X_2 \cap U_1$. First of all, note that $\mathrm{occ}(\sigma_1|_{U_1 \setminus U_2}, v) \cap U_1 = X_1 \setminus U_2$.
Moreover, $\mathrm{occ}(\sigma_2, \mathrm{occ}(\delta, v)) \cap U_1 = \mathrm{occ}(\sigma_2|_{U_1}, \mathrm{occ}(\delta, v)) \cap U_1$, which in turn is
equal to $\mathrm{occ}(\delta \circ \sigma_2|_{U_1}, v) \cap U_1 = \mathrm{occ}(\sigma_1|_{U_2}, v) \cap U_1 = \mathrm{occ}(\sigma_1, v) \cap U_1 \cap U_2 = X_1 \cap U_2$.
This proves that $\mathrm{occ}(\sigma, v) = X_1 \cup X_2$ and $X_1 \cap U_2 = X_2 \cap U_1$.
While it is obvious that $X_1 \in S_1$ and $X_2 \in S^{*}_2$, we still need to prove that
$X_1 \in S''_1$ and $X_2 \in S''^{*}_2$. For each $y \in \mathrm{occ}(\delta, v)$, by definition of $\delta$ we have that
$y \in \mathrm{vars}(\sigma_2(U_1 \cap U_2))$ and therefore $\mathrm{occ}(\sigma_2, y) \cap U_1 \ne \emptyset$. This proves that $X_2 \in S''^{*}_2$.
Moreover, if $v \in \mathrm{rng}(\delta)$ then $v \in \mathrm{rng}(\sigma_1|_{U_2})$ and thus $\mathrm{occ}(\sigma_1, v) \in S''_1$. □

Theorem D.2

(Weak completeness of $\mathrm{match}_{Sh}$) The operator $\mathrm{match}_{Sh}$ is optimal on the first
argument and complete on the second one when $\mathrm{match}_{Ps}$ is restricted to the case
when the second argument contains a single substitution. In formulas:
\[
\mathrm{match}_{Sh}([S_1, U_1], \alpha_{Sh}([\{[\sigma_2]\}, U_2])) = \alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), [\{[\sigma_2]\}, U_2]))
\]
for each $[\{[\sigma_2]\}, U_2] \in \mathrm{Psub}$ and $[S_1, U_1] \in \mathrm{Sharing}$.

Proof

Since $\mathrm{match}_{Sh}$ is correct w.r.t. $\mathrm{match}_{Ps}$, it follows that:
\[
\alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), [\{[\sigma_2]\}, U_2])) \sqsubseteq_{Sh} \mathrm{match}_{Sh}([S_1, U_1], \alpha_{Sh}([\{[\sigma_2]\}, U_2])) .
\]
So, we only need to prove that:
\[
\mathrm{match}_{Sh}([S_1, U_1], \alpha_{Sh}([\{[\sigma_2]\}, U_2])) \sqsubseteq_{Sh} \alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), [\{[\sigma_2]\}, U_2])) .
\]
Assume, without loss of generality, that $\sigma_2$ is a canonical representative of $[\sigma_2]_{U_2}$
and $\mathrm{rng}(\sigma_2) \cap U_1 = \emptyset$. Take $B \in S$, where $[S, U_1 \cup U_2] = \mathrm{match}_{Sh}([S_1, U_1], [S_2, U_2])$,
with $[S_2, U_2] = \alpha_{Sh}([\{[\sigma_2]\}, U_2])$. We have three cases.

• If $B \in S'_1$ then $B \in S_1$ and $B \subseteq U_1 \setminus U_2$. Let $\delta = \{x/v \mid x \in B\} \cup \{x/a \mid x \in \mathrm{vars}(\sigma_2(U_1 \setminus B))\}$
and $\sigma_1 = (\delta \circ \sigma_2)|_{U_1}$ where $v$ is a fresh variable. It
follows that $\mathrm{dom}(\sigma_1) = U_1$ and $\mathrm{rng}(\sigma_1) = \{v\}$ with $\mathrm{occ}(\sigma_1, v) = B$, therefore
$[\sigma_1, U_1] \sqsubseteq_{Ps} \gamma_{Sh}([S_1, U_1])$. Clearly $\sigma_1 \preceq_{U_1 \cap U_2} \sigma_2$ since $U_1 \cap U_2 \subseteq U_1 \setminus B$. Let
$\sigma = \mathrm{mgu}(\sigma_1, \sigma_2)$. Since $B \cap \mathrm{dom}(\sigma_2) = \emptyset$ and $v$ is a fresh variable, it follows
that $\mathrm{occ}(\sigma, v) = B$, and thus $B \in \alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), [\{[\sigma_2]\}, U_2]))$.

• If $B \in S'_2$, there exists $v \in \mathcal{V}$ such that $\mathrm{occ}(\sigma_2, v) \cap U_2 = B$. Let $X = \mathrm{vars}(\sigma_2(U_1))$
and take $\delta = \{x/a \mid x \in X\}$. Then $\sigma_1 = (\delta \circ \sigma_2)|_{U_1}$ is such that
$\mathrm{occ}(\sigma_1, u) \cap U_1 = \emptyset$ for each $u \in \mathcal{V}$, therefore $\sigma_1 \in \gamma_{Sh}([S_1, U_1])$. Moreover
$\mathrm{mgu}(\sigma_2, \sigma_1) \in \mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), [\{[\sigma_2]\}, U_2])$. By the proof of Theorem D.1,
Equation (D.1), we have $\mathrm{mgu}(\sigma_1, \sigma_2) = \delta \circ \sigma_2$. Since $B \cap U_1 = \emptyset$, then
$v \notin X = \mathrm{vars}(\delta)$, and therefore $\mathrm{occ}(\delta \circ \sigma_2, v) \cap U_2 = \mathrm{occ}(\sigma_2, v) \cap U_2 = B$.
Hence $B \in \alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), [\{[\sigma_2]\}, U_2]))$.

• We now assume $B = X_1 \cup \bigcup \mathcal{X}$ with $\mathcal{X} \subseteq S''_2$, $X_1 \in S''_1$, $\bigcup \mathcal{X} \cap U_1 = X_1 \cap U_2$.
Then, for each $H \in \mathcal{X}$, there exists $v_H \in \mathcal{V}$ such that $\mathrm{occ}(\sigma_2, v_H) \cap U_2 = H$.
Since $H \cap U_1 \ne \emptyset$ for each $H \in \mathcal{X}$, then $v_H \in Y = \mathrm{vars}(\sigma_2(U_1))$. Consider the
substitution
\[
\delta = \{v_H/v \mid H \in \mathcal{X}\} \cup \{w/a \mid w \in Y,\ \forall H \in \mathcal{X}.\ w \ne v_H\}
\]
for a fresh variable $v$ and
\[
\sigma_1 = (\delta \circ \sigma_2)|_{U_1} \uplus \{x/v \mid x \in X_1 \setminus U_2\} .
\]
We want to prove $[\{[\sigma_1]\}, U_1] \in \gamma_{Sh}([S_1, U_1])$. By definition of $\sigma_1$ we have that
$\mathrm{occ}(\sigma_1, v) \cap U_1 = (\mathrm{occ}(\sigma_2, \{v_H \mid H \in \mathcal{X}\}) \cap U_1) \cup (X_1 \setminus U_2) = (\bigcup \mathcal{X} \cap U_1) \cup (X_1 \setminus U_2) = X_1 \in S_1$.
Otherwise, for $w \ne v$ we have that either $\mathrm{occ}(\sigma_1, w) = \emptyset$ when $w \in U_1$ or
$\mathrm{occ}(\sigma_1, w) = \mathrm{occ}(\sigma_2, w)$ which is disjoint from $U_1$. In both cases,
$\mathrm{occ}(\sigma_1, w) \cap U_1 = \emptyset \in S_1$. By definition of $\sigma_1$, $[\mathrm{mgu}(\sigma_1, \sigma_2)] \in \mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), [\{[\sigma_2]\}, U_2])$.
Moreover, we know from (D.1) that
\[
\mathrm{mgu}(\sigma_2, \sigma_1) = \delta \circ \sigma_2 \uplus \{x/v \mid x \in X_1 \setminus U_2\} .
\]
Let $\sigma = \mathrm{mgu}(\sigma_1, \sigma_2)$. Note that $\mathrm{occ}(\sigma, v) \cap (U_1 \cup U_2) = (X_1 \setminus U_2) \cup (\mathrm{occ}(\sigma_2, \{v_H \mid H \in \mathcal{X}\}) \cap U_2)$.
By definition of $v_H$, $\mathrm{occ}(\sigma_2, v_H) \cap U_2 = H$, hence
$\mathrm{occ}(\sigma, v) \cap (U_1 \cup U_2) = (X_1 \setminus U_2) \cup \bigcup \mathcal{X} = X_1 \cup \bigcup \mathcal{X} = B$.

This proves the theorem. □
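As an added example, not the paper's code, the following Python block implements the Sharing abstraction $\alpha_{Sh}$ (through $\mathrm{occ}$), the operator $\mathrm{match}_{Sh}$ as read off the three cases of the proof above (an assumption, since Definition 7.1 is not reproduced here), and checks the correctness statement of Theorem D.1 on one constructed matching instance, with $\sigma$ computed through Equation (D.1) from a hand-supplied $\delta$.

```python
from itertools import combinations
# Added example, not the paper's code: the Sharing abstraction alpha_Sh, match_Sh as
# read off the three cases in the proof of Theorem D.2 (assumed definition), and a
# check of Theorem D.1 on a constructed instance, with sigma taken from Equation (D.1).
# Terms are nested tuples (functor, *args); variables are strings; substitutions are dicts.

def term_vars(t):
    return {t} if isinstance(t, str) else set().union(*(term_vars(a) for a in t[1:]))

def apply(sub, t):
    if isinstance(t, str):
        return sub.get(t, t)
    return (t[0],) + tuple(apply(sub, a) for a in t[1:])

def compose(outer, inner):
    """(outer o inner)(x) = outer(inner(x)); bindings only in outer are kept."""
    return {**outer, **{x: apply(outer, t) for x, t in inner.items()}}

def occ(sub, v):
    """occ(sub, v) = {x | v in vars(sub(x))}, with sub(x) = x outside dom(sub)."""
    return frozenset({x for x, t in sub.items() if v in term_vars(t)} | ({v} - set(sub)))

def alpha_sh(sub, U):
    """alpha_Sh([sub]_U): the sharing groups occ(sub, v) ∩ U over all variables v."""
    vs = set(sub) | set(U) | set().union(*(term_vars(t) for t in sub.values()))
    return {occ(sub, v) & frozenset(U) for v in vs} | {frozenset()}

def match_sh(S1, U1, S2, U2):
    """S1' ∪ S2' ∪ {X1 ∪ ∪X | X1 ∈ S1'', X ⊆ S2'', ∪X ∩ U1 = X1 ∩ U2} (assumed definition)."""
    U1, U2 = frozenset(U1), frozenset(U2)
    S1p = {B for B in S1 if not B & U2}          # S1': groups disjoint from U2
    S2p = {B for B in S2 if not B & U1}          # S2': groups disjoint from U1
    S2pp = [B for B in S2 if B & U1]             # S2'' = S2 \ S2'
    S = S1p | S2p
    for X1 in set(S1) - S1p:                     # X1 ranges over S1''
        for k in range(1, len(S2pp) + 1):
            for X in combinations(S2pp, k):
                union = frozenset().union(*X)
                if union & U1 == X1 & U2:
                    S.add(X1 | union)
    return S

def example():
    """Constructed instance, U1 = {x,y,z}, U2 = {y,z,w}: (alpha_Sh(sigma), match_Sh result, inclusion)."""
    U1, U2 = {"x", "y", "z"}, {"y", "z", "w"}
    sigma1 = {"x": ("h", "b1"), "y": ("f", "b1", "b2"), "z": ("g", "b2")}
    sigma2 = {"y": ("f", "a1", "a2"), "z": ("g", "a2"), "w": "a3"}
    delta = {"a1": "b1", "a2": "b2"}            # witnesses sigma1 <=_{U1 ∩ U2} sigma2
    assert all(apply(delta, sigma2[v]) == sigma1[v] for v in U1 & U2)
    # Equation (D.1): sigma = sigma1|_{U1 \ U2} ⊎ (delta o sigma2), restricted to U1 ∪ U2
    joined = {**{x: t for x, t in sigma1.items() if x not in U2}, **compose(delta, sigma2)}
    sigma = {x: t for x, t in joined.items() if x in U1 | U2}
    concrete = alpha_sh(sigma, U1 | U2)
    abstract = match_sh(alpha_sh(sigma1, U1), U1, alpha_sh(sigma2, U2), U2)
    return concrete, abstract, concrete <= abstract
```

On this instance the abstract result $\{\emptyset, \{w\}, \{x,y\}, \{y,z\}\}$ coincides with $\alpha_{Sh}([\sigma]_{U_1 \cup U_2})$, so the inclusion of Theorem D.1 holds with equality.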

Theorem D.3

(Optimality of $\mathrm{match}_{Sh}$) $\mathrm{match}_{Sh}$ is optimal.

Proof

Given $[S_1, U_1], [S_2, U_2] \in \mathrm{Sharing}$, we have
\[
\begin{aligned}
&\alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), \gamma_{Sh}([S_2, U_2]))) \\
&= \alpha_{Sh}\big(\textstyle\bigsqcup_{Ps}\{\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), [\{[\sigma]\}, U_2]) \mid \alpha_{Sh}([\sigma]_{U_2}) \sqsubseteq_{Sh} [S_2, U_2]\}\big) && \text{[since } \mathrm{match}_{Ps} \text{ is additive]} \\
&= \textstyle\bigsqcup_{Sh}\{\mathrm{match}_{Sh}([S_1, U_1], [X, U_2]) \mid X = \alpha_{Sh}([\sigma]_{U_2}) \sqsubseteq_{Sh} [S_2, U_2]\} && \text{[by completeness of } \sqcup_{Sh} \text{ and Theorem D.2]} \\
&= \mathrm{match}_{Sh}\big([S_1, U_1], \textstyle\bigsqcup_{Sh}\{[X, U_2] \mid X = \alpha_{Sh}([\sigma]_{U_2}) \sqsubseteq_{Sh} [S_2, U_2]\}\big) . && \text{[since } \mathrm{match}_{Sh} \text{ is additive]}
\end{aligned}
\]
Since $\alpha_{Sh}$ defines a Galois insertion, it is surjective, and therefore
$\bigsqcup_{Sh}\{[X, U_2] \mid X = \alpha_{Sh}([\sigma]_{U_2}) \sqsubseteq_{Sh} [S_2, U_2]\} = [S_2, U_2]$ and we obtain
\[
\alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), \gamma_{Sh}([S_2, U_2]))) = \mathrm{match}_{Sh}([S_1, U_1], [S_2, U_2]) ,
\]
which concludes the proof. □

Theorem D.4

(Strong optimality of $\mathrm{unif}_{Sh}$) Given $[S_1, U_1] \in \mathrm{Sharing}$ and $\theta \in \mathrm{ISubst}$, there
exists a substitution $\delta \in \mathrm{ISubst}$ such that $\alpha_{Sh}([\delta]_{U_1}) \sqsubseteq_{Sh} [S_1, U_1]$ and
\[
\alpha_{Sh}(\mathrm{unif}_{Ps}([\{[\delta]\}, U_1], \theta)) = \mathrm{unif}_{Sh}([S_1, U_1], \theta) .
\]


Proof

The optimality result proved in Theorem 6.16 shows that there exists $[\Theta_1, U_1] \sqsubseteq_{Ps} \gamma_{Sh}([S_1, U_1])$
such that $\alpha_{Sh}(\mathrm{unif}_{Ps}([\Theta_1, U_1], \theta)) = \mathrm{unif}_{Sh}([S_1, U_1], \theta)$. We need a
stronger result which proves that $\Theta_1$ can be chosen as a singleton.

Assume $\mathrm{unif}_{Sh}([S_1, U_1], \theta) = [S, U_1 \cup U_2]$ where $U_2 = \mathrm{vars}(\theta) \setminus U_1$ and
$S = \{X^1, \dots, X^n\}$. Following the construction in Section C, for each $X^i$ let us define
$X^i_1$, $X^i_2$, $\mathcal{B}^i_x$, $K^i_1$, $N^i$, $W^i$, $s^i_x$, $s'^i_x$, $U$ as in the proof of optimality for $\mathrm{unif}_{Sh}$. We
choose the $W^i$ such that $W^i \cap W^j = \emptyset$ if $i \ne j$ and we denote by $w^i_B$ the elements
of $W^i$.

For each $y \in \mathrm{vars}(\theta(U_1)) \cap (\bigcup_{1 \le i \le n} X^i)$, we choose a variable $x_y \in U_1$ such that
$y \in \mathrm{vars}(\theta(x_y))$. Then, we define the substitution $\delta$ in the following way: for each variable
$x \in U_1$, $\delta(x)$ is the same as $\theta(x)$, with the exception that each occurrence $(y, j)$ of
a variable $y \in \mathrm{vars}(\theta(x))$ is replaced by $t_{x,y,j} = t(t^1_{x,y,j}, \dots, t^n_{x,y,j})$ where:

• $t^i_{x,y,j} = a$ if $y \notin X^i$;

• $t^i_{x,y,j} = s^i_x$ otherwise, if $x = x_y$ and $j = 1$;

• $t^i_{x,y,j} = s'^i_x$ otherwise.

By construction $\mathrm{dom}(\delta) = U_1$ and $\mathrm{rng}(\delta) = \bigcup_{1 \le i \le n} W^i$. It is easy to check that
$\alpha_{Sh}([\{\delta\}, U_1]) = [\bigcup_{1 \le i \le n} K^i_1, U_1] \sqsubseteq_{Sh} [S_1, U_1]$. Using the properties of the equation
sets we can prove that
\[
\begin{aligned}
\mathrm{mgu}(\delta, \theta)
&= \mathrm{mgu}(\{v = t_{x,v,j} \mid x \in U_1,\ (v,j) \text{ is an occurrence of } v \text{ in } \theta(x)\}) \circ \theta \\
&= \mathrm{mgu}(E) \circ \rho \circ \theta ,
\end{aligned}
\]
where
\[
\begin{aligned}
\rho &= \{v/t_{x_v,v,1} \mid v \in \mathrm{vars}(\theta(U_1))\} , \\
E &= \{t_{x_v,v,1} = t_{x',v,j} \mid i \in \{1, \dots, n\},\ v \in X^i,\ x' \in U_1,\ (v,j) \text{ is an occurrence of } v \text{ in } \theta(x')\} .
\end{aligned}
\]
Now, each $E_i = \{t_{x_v,v,1} = t_{x',v,j} \mid x' \in U_1,\ (v,j) \text{ is an occurrence of } v \text{ in } \theta(x'),\ v \in X^i\}$
is the same equation set which appears in (C.1) for $X = X^i$. Therefore, for each
$i \in \{1, \dots, n\}$ such that $W^i \ne \emptyset$, we choose a single $w^i \in W^i$ and define
$\eta^i = \{w/w^i \mid w \in W^i \setminus \{w^i\}\}$, with $\mathrm{dom}(\eta^i) = W^i \setminus \{w^i\}$ and $\mathrm{rng}(\eta^i) = \{w^i\}$; otherwise we
choose $\eta^i = \varepsilon$. We know from the proof of Lemma C.5 that $\eta^i = \mathrm{mgu}(E_i)$, and
$\mathrm{mgu}(E) = \eta = \biguplus_{1 \le i \le n} \eta^i$ since $\mathrm{vars}(E_i) \cap \mathrm{vars}(E_j) = \emptyset$ for $i \ne j$. Therefore
\[
\mathrm{mgu}(\delta, \theta) = \eta \circ \rho \circ \theta .
\]
We now want to prove that $\alpha_{Sh}([\eta \circ \rho \circ \theta]_{U_1 \cup U_2}) \sqsupseteq_{Sh} [\{X^i\}, U_1 \cup U_2]$ for each
$i \in \{1, \dots, n\}$. If $X^i_1 \ne \emptyset$ then $W^i \ne \emptyset$, and we have $\mathrm{occ}(\eta \circ \rho \circ \theta, w^i) = \mathrm{occ}(\eta^i \circ \rho \circ \theta, w^i)$.
Following the proof of Lemma C.5 with $X = X^i$, we have that $\mathrm{occ}(\eta \circ \rho \circ \theta, w^i) \cap U = X^i$.
When $X^i_1 = \emptyset$, we may choose $x^i \in U_2$ as in the proof of Prop. C.6. In this case,
$\mathrm{occ}(\eta \circ \rho \circ \theta, x^i) \cap U = \mathrm{occ}(\theta, x^i) \cap U = X^i$ as proved in Prop. C.6. □

As for Prop. C.6, in the proof of this theorem we assume that we have term
symbols for each arity. However, it is possible to rewrite terms so that a constant
symbol and a binary term symbol suffice.

Theorem D.5

$\mathcal{U}_{Sh}$ is correct and optimal w.r.t. $\mathcal{U}_{Ps}$.

Proof

Correctness immediately follows from the fact that $\mathcal{U}_{Sh}$ is obtained by tupling and
composition of correct semantic functions.

By using Theorems D.2 and D.4 it is possible to prove that
\[
\mathrm{match}_{Sh}([S_1, U_1], \mathrm{unif}_{Sh}([S_2, U_2], \theta)) =
\alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), \mathrm{unif}_{Ps}(\gamma_{Sh}([S_2, U_2]), \theta))) ,
\]
i.e., that the composition of $\mathrm{match}_{Sh}$ and $\mathrm{unif}_{Sh}$, as used in $\mathcal{U}_{Sh}$, is optimal.

Assume given $[S_1, U_1]$ and $[S_2, U_2] \in \mathrm{Sharing}$ and $\theta \in \mathrm{ISubst}$. Consider $[\{[\sigma]\}, U_2] \in \gamma_{Sh}([S_2, U_2])$
obtained by Theorem D.4, such that $\mathrm{unif}_{Ps}([\{[\sigma]\}, U_2], \theta) = [\{[\delta]\}, U_2 \cup \mathrm{vars}(\theta)]$
and $\alpha_{Sh}([\{[\delta]\}, U_2 \cup \mathrm{vars}(\theta)]) = \mathrm{unif}_{Sh}([S_2, U_2], \theta)$. Then, we have
\[
\begin{aligned}
\mathrm{match}_{Sh}([S_1, U_1], \mathrm{unif}_{Sh}([S_2, U_2], \theta))
&= \mathrm{match}_{Sh}([S_1, U_1], \alpha_{Sh}(\mathrm{unif}_{Ps}([\{[\sigma]\}, U_2], \theta))) \\
&= \alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), \mathrm{unif}_{Ps}([\{[\sigma]\}, U_2], \theta)))
\end{aligned}
\]
by Theorem D.2, so that, in general,
\[
\mathrm{match}_{Sh}([S_1, U_1], \mathrm{unif}_{Sh}([S_2, U_2], \theta)) \sqsubseteq_{Sh}
\alpha_{Sh}(\mathrm{match}_{Ps}(\gamma_{Sh}([S_1, U_1]), \mathrm{unif}_{Ps}(\gamma_{Sh}([S_2, U_2]), \theta))) .
\]
The proof that $\mathcal{U}_{Sh}$ is optimal follows from this result, completeness of $\pi_{Sh}$ and
$\gamma$-completeness of $\rho$. □